https://www.puppet.com/community logo
Join Slack
Powered by
# puppet
  • e

    erik

    06/16/2025, 3:32 PM
    wait a second. the PDK is no longer available through Homebrew, only as a licensed download?
  • b

    bastelfreak

    06/16/2025, 3:41 PM
    yes
  • e

    erik

    06/16/2025, 3:42 PM
    🤬
    💯 4
  • b

    bastelfreak

    06/16/2025, 3:49 PM
    Switch to vox pupuli tooling? :)
    💯 2
  • v

    vchepkov

    06/16/2025, 5:00 PM
    Have I missed a memo? How do you install vox tools on mac ?
  • b

    bastelfreak

    06/16/2025, 5:13 PM
    We don't have a CLI tool yet. We've the sig-devkit channel for that: https://voxpupuli.org/connect/. but our tooling doesn't require specific ruby versions. If you've any Ruby from the past 5 years installed, you can run out testing/releasing stuff locally, we've a CI public pipeline that other can reuse and we have modulesync to rollout boilerplate code to modules.
  • b

    bastelfreak

    06/16/2025, 5:13 PM
    and we also have voxbox, a container that bundles all the stuff for you, so you don't even need ruby locally: https://github.com/voxpupuli/container-voxbox
  • v

    vchepkov

    06/16/2025, 5:19 PM
    ah. I thought mac's puppet/bolt/pdk
  • b

    bastelfreak

    06/16/2025, 5:23 PM
    we've an openvox agent for mac, there will be a bolt package in the future
  • m

    matt

    06/17/2025, 7:44 AM
    have I read the puppetlabs-mysql grant resource correctly, in that there is no way to sent a grant at an instance level or globally to a user, because it depends on the 'table' parameter which must be $database.table format https://github.com/puppetlabs/puppetlabs-mysql/blob/main/lib/puppet/provider/mysql_grant/mysql.rb
    t
    y
    c
    • 4
    • 54
  • i

    Ian CB

    06/17/2025, 2:58 PM
    We have a process which uses exported resources to populate a ‘configuration’ file structure on a central host. The central host then processes the configuration files, via a script called by cron, it finds to configure resources in an application. • We have purge set on the owning directory … so if an exported resource goes away the config file is removed • We have notify on the file resource (which creates the config files) which touches a timestamp file for the script to use to check if it needs to do anything • We dont currently have anything that touches the timestamp if files are removed Can we put a notify on the file resource for the directory, and will that trigger if files are purged from the directory ?
    y
    l
    • 3
    • 2
  • v

    vchepkov

    06/17/2025, 6:20 PM
    You can add metaparameter
    audit => 'mtime'
    on the directory, that will make it to notify an exec or a service. I don't think directory itself is "notifiable"
  • v

    Vivek

    06/23/2025, 9:45 PM
    Hi there, I wanted to install some special packages from particular DNF repos (which are disabled by default) eg, wanted solution like:
    Copy code
    package { 'PACKAGE_NAME':
      ensure   => installed,
      install_options => ['--enablerepo=REPO_NAME'],
    }
    But this is not working. Anyone?
  • s

    simonhoenscheid

    06/24/2025, 5:16 AM
    @Vivek if this is a DNF module, have a look at this snippet: https://github.com/puppetlabs/puppetlabs-postgresql/blob/main/manifests/dnfmodule.pp
  • v

    vasunder K

    06/26/2025, 10:50 AM
    Hello Team, We recently upgraded our servers [Foreman + Smart Proxy servers] to 3.15. While we navigate to check the host configuration n/ the puppet metrics, here is the sample link: [https://puppetserver-foreman-npd.np.rcsvcs.aws.lllint.com/new/hosts/xxxxx#/Puppet/reports?page=1&per_page=20&search=] we keep seeing the following error message in Foreman UI: Error: Minified React error #130; visit https://reactjs.org/docs/error-decoder.html?invariant=130&args[]=undefined&args[]= for the full message or use the non-minified dev environment for full errors and additional helpful warnings. Could you please assist us what is this error about? in p in div in dd in DescriptionListDescription in div in DescriptionListGroup in dl in DescriptionList in div in CardBody in div in CardExpandableContent in div in Card in div in GridItem in u in T in div in GridItem in div in Grid in div in i in t in t in i in p in component in d in k in t in t in t in t in u in Unknown in j in t in t in c in d in a in main in div in Page in div in FlexItem in div in Flex in c in v in t in o in a in k in s in div in A in IntlProvider in I18nProviderWrapper(A) in d in StoreProvider(I18nProviderWrapper(A)) in DataProvider(StoreProvider(I18nProviderWrapper(A))) in Unknown
    b
    • 2
    • 2
  • j

    Jason St-Cyr

    06/26/2025, 5:50 PM
    Hey all, you might see the "Puppet Support Assistant" app get added to a few channels. It doesn't do anything yet, but we're trying something out with the Slack API! Hopefully it works and can be helpful!
  • b

    Bob Negri

    06/27/2025, 3:41 PM
    Could anyone retrigger this PR? It failed last time as Ubuntu 20.04 was no longer supported. define Enum on supported encryption types for postgresql_password by figless · Pull Request #1611 · puppetlabs/puppetlabs-postgresql
  • m

    matt

    06/28/2025, 9:15 AM
    I'm trying to map how the puppetlabs-postgresql module, takes the parameter $ipv4acls and actually outputs it into the config, I understand it's capturing a list of strings that are already in a format postgresql understands, but I can't see how that then gets output into the config file that postgresql parses, it's not in the templates and I can't see it being merged into another parameter that supersedes it any pointers of how this param actually get put into the configuration files
    b
    • 2
    • 6
  • j

    jms1

    06/30/2025, 7:22 PM
    question ... as part of an upcoming exercise, i'll be adding a parameter whose value ends up being used as a password. one of the clients involved has a set of corporate requirements for passwords (minimum length, at least one each upper/lower/digit/other, etc.) ... one of the requirements is, and i quote: "Secrets must be randomly generated for each customer or user" ... is there an existing way to test for "must be randomly generated"? i.e.
    bvy9873y,Raonf
    passes, but
    aaa111AAA!
    would not
    s
    b
    +3
    • 6
    • 14
  • b

    Brian Schonecker

    07/02/2025, 6:01 PM
    Good 14:01 EDT. Is there a linter available for the Puppetfile itself? I've tried various puppet-lint and bundle rubocop:autocorrect, etc but none support the Puppetfile.
  • b

    bastelfreak

    07/02/2025, 6:03 PM
    you can just #YOLO it
  • b

    bastelfreak

    07/02/2025, 6:03 PM
    it's Ruby
    ruby 1
  • v

    vchepkov

    07/02/2025, 6:07 PM
    I use g10k in pre-commit hook
  • v

    vchepkov

    07/02/2025, 6:08 PM
    https://github.com/chriskuehl/puppet-pre-commit-hooks/blob/master/ruby-stubs/g10k-validate
  • b

    Brian Schonecker

    07/02/2025, 6:11 PM
    Thank you. I'll look at that.
  • m

    matt

    07/02/2025, 6:41 PM
    using the puppetlabs-postgresql module, I've made a user error, I've set parameters in my postgres configuration that is stopping the module validate (and if needed change) the postrgresql password I can see the issue in debug
    Debug: /Stage[main]/Postgresql::Server::Passwd/Postgresql::Server::Instance::Passwd[main]/Exec[set_postgres_postgrespw_main]/unless: psql: error: FATAL: password authentication failed for user "postgres"
    Debug: Exec[set_postgres_postgrespw_main](provider=posix): Executing '/usr/bin/psql -c "ALTER ROLE \"postgres\" PASSWORD ${NEWPASSWD_ESCAPED}"'
    Debug: Executing with uid=postgres gid=postgres: '/usr/bin/psql -c "ALTER ROLE \"postgres\" PASSWORD ${NEWPASSWD_ESCAPED}"'
    Notice: /Stage[main]/Postgresql::Server::Passwd/Postgresql::Server::Instance::Passwd[main]/Exec[set_postgres_postgrespw_main]/returns: ALTER ROLE
    Notice: /Stage[main]/Postgresql::Server::Passwd/Postgresql::Server::Instance::Passwd[main]/Exec[set_postgres_postgrespw_main]/returns: executed successfully (corrective)
    but I can't see a configuration change that would stop the user postgres from connecting to validate/change the password. What I'd like to do is work out what the connection string the puppet module builds up to try to authenticate so I can work backward to see which connection rule I've put in that conflicts. is there a way I can short cut getting the connection string it's using ?
    • 1
    • 1
  • o

    Oleksandr Bilko

    07/03/2025, 8:05 AM
    Hi all! Is it possible to configure a repository with
    signed-by
    using
    key['id']
    in
    apt::source
    ? Currently, with the following configuration:
    Copy code
    apt::source { 'valkey':
        ensure   => 'present',
        location => '<http://repo.percona.com/valkey/apt>',
        repos    => 'experimental',
        pin      => '1001',
        key      => {
            name   => 'valkey.gpg',
            id     => 'BCC3992DBA69042990E7527383A0F11D8507EFA5',
            server => 'keyserver.ubuntu.com',
        },
        notify   => Class['apt::update']
    }
    I only get this result:
    Copy code
    # This file is managed by Puppet. DO NOT EDIT.
    # valkey
    deb <http://repo.percona.com/valkey/apt> bookworm experimental
    Unfortunately,
    key['source']
    is not publicly available via a URL, so it would be convenient to use the
    id
    instead. How can I include the
    signed-by
    option in the generated
    .list
    file?
  • m

    matt

    07/03/2025, 10:07 AM
    are there any recommended patterns or architecture for distributing puppetmaster functionality across multiple nodes, eg: a load balancer -> 3 nodes serving puppet master functionality, or say 3 nodes with round robin dns on them ? the problem will be the certificates/certficate authority and the backend storage, are there any known patterns that support running a distributed / horizontel scale puppet master ?
    b
    b
    t
    • 4
    • 11
  • b

    Brian Schonecker

    07/03/2025, 12:36 PM
    Goo 08:34 EDT. I'm looking for advice on tuning my puppet server. It's getting absolutely hammered all day. I have about 500 clients running puppet once each hour and my CPU percentage is constantly in the 90% and higher on all CPUs. > top - 083314 up 68 days, 23:57, 2 users, load average: 8.49, 6.68, 6.22 > Tasks: 310 total, 2 running, 308 sleeping, 0 stopped, 0 zombie > %Cpu0 : 77.2 us, 3.0 sy, 0.0 ni, 19.8 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st > %Cpu1 : 98.0 us, 0.0 sy, 0.0 ni, 1.0 id, 0.0 wa, 1.0 hi, 0.0 si, 0.0 st > %Cpu2 : 97.0 us, 0.0 sy, 0.0 ni, 2.0 id, 0.0 wa, 1.0 hi, 0.0 si, 0.0 st > %Cpu3 : 94.1 us, 0.0 sy, 0.0 ni, 4.9 id, 0.0 wa, 1.0 hi, 0.0 si, 0.0 st > %Cpu4 : 93.1 us, 2.0 sy, 0.0 ni, 3.9 id, 0.0 wa, 1.0 hi, 0.0 si, 0.0 st > %Cpu5 : 95.0 us, 0.0 sy, 0.0 ni, 5.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st > MiB Mem : 24080.1 total, 7336.7 free, 7412.0 used, 9331.5 buff/cache > MiB Swap: 4096.0 total, 4095.7 free, 0.2 used. 16234.3 avail Mem > > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND > 1712575 puppet 20 0 8903328 4.8g 23272 S 555.9 20.4 12878:20 java As you can see the java process is taking the vast % of the CPU. I've got 24G on the server but only 8G is in use. I've modified the java "stuff" (which escapes me at the moment) and tried the different settings on the tuning guide but so far, my server still gets hammered. I was reading earlier today about environment caching. I'm not sure if that's the next thing I should investigate. Any pointers would be greatly appreciated.
    a
    o
    +4
    • 7
    • 56
  • v

    vkedar

    07/03/2025, 1:09 PM
    I am getting below error for one of my node. Other servers in same hostgroup are not facing this,any idea: Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Cannot reassign variable '$name' on n
    b
    • 2
    • 6