Howdy all... I'm stumped and interested in some tips to track down how this is working. Environment: Puppetserver 7.17 and foreman 3.14. This year we've updated from old versions of Puppet... I think it was 2.7 (that was fun!) I have two hosts using a locally built proftpd module ages ago. The structure looks like it was developed with the PDK. (init and params manifests). There is a variable called $service_manage that controls if the proftpd service is managed (duh). These hosts are set up in different clusters and should have $proftpd::service_manage set to "false" so the cluster can manage it. I added a notify{} before $service_manage if statement and one one host it is "false" and another has it as the default "true". I can't find where it is being set to "false". I've confirmed it is being set in the host's catalog (not cached in the puppet client). Places I've looked: grep -ir service_manage /etc/puppetlabs/* (includes modules and hiera) foreman node parameters via the web foreman database parameters table Any idea where else to look? I wonder if the upgrades kept an old setting somewhere? I want to fix the old host, but not at the expense of the working one!

@rmeden you want to use "puppet lookup" on the puppetserver to check for hiera values

@Leon Ross has left the channel

Hello, i have a strange situation. I have Puppet sever open source 7 and i have RHEL 9 virtual machine (VM). On this VM i installed Puppet agent and it was working fine. Then this VM was moved to another network and its hostname was changed. Now when i logged into this VM, it's new hostname is "a-dfweq-pgk-001". I went to Puppet server and checked - there is no certificate for this hostname. Then i returned to client VM and stopped puppet service and removed /etc/puppetlabs/puppet/ssl directory completely and after that i executed "puppet agent -t". Usually it should make a new CSR and contact Puppet server to auto sign certificate. But right now i have next error:

a-dfweq-pgk-001 /etc/puppetlabs/puppet # puppet agent -t
Error: Connection to <https://d-dfweq-vua-011.example.com:8140/puppet-ca/v1> failed, trying next route: Request to <https://d-dfweq-vua-011.example.com:8140/puppet-ca/v1> failed after 0.005 seconds: Connection reset by peer - SSL_connect
Wrapped exception:
Connection reset by peer - SSL_connect
Error: No more routes to ca
Error: No more routes to ca

I can see that puppet agent didn't created certificates:

a-dfweq-pgk-001 /etc/puppetlabs/puppet # tree ssl
ssl
├── certificate_requests
├── certs
├── private
├── private_keys
└── public_keys

What interesting when i check on the client VM nslookup, ping, and nc -vz d-dfweq-vua-011.example.com 8140 everything is ok. I even checked tcpdump on Puppet server -> traffic is going ok in both directions. Also i checked SELinux, restarted puppetserver service, checked puppet.conf on client VM. Could you please help me to fix this issue? (also i was using ChatGPT to troubleshoot it, followed all suggestions and it is still not resolved)

Something terminates your connection. Maybe a firewall, load balancer, or http proxy

dumb question ... fact names all share a global namespace. what happens if multiple modules contain the same fact (i.e.

pdk new fact xyz

) ? ... common sense tells me that only one of them would end up in

/opt/puppetlabs/puppet/cache/lib/facter/

on the target machine (even if both are sent, one would overwrite the other), so only one would end up being executed ... i know the "correct" answer is "don't do that", but if somebody does, is there any way to know which one would end up existing on the target machine?

Hi everyone How can we manage this pull request on docker module ? https://github.com/puppetlabs/puppetlabs-docker/pull/965

what do you mean by "manage" it

Hi everyone, I’m building a proof of concept (POC) of Puppet and need to install PuppetServer on an EKS cluster. The server will run on my EC2 instances, and we’re using Puppet Open Source. I haven’t found consistent documentation about Puppet on Kubernetes. The only option I found is to run the PuppetServer on EC2 instances, which we don’t want. Since the official image in the Docker Registry is deprecated, and the Voxpuli Puppet Server image is too, I had to build a Dockerfile. https://hub.docker.com/r/puppet/puppetserver/ https://hub.docker.com/r/voxpupuli/container-puppetserver I noticed the official Puppet Server Helm Chart: https://github.com/puppetlabs/puppetserver-helm-chart, but some of its dependencies reference Bitnami images. Do you have any suggestions for alternatives to this? If you’ve faced a similar challenge (PuppetServer on a Kubernetes cluster) before, please share your experience and knowledge with me. Thank you so much.

@Jason St-Cyr Is there a way to get the puppetlabs-apt module to a better state? Ubuntu 24.04 isn't supported yet, neither Debian Trixie.

Hi everyone. I'm running open source Puppet version 7. I'm using the roles/profiles architecture to manage my configurations. I'm using the puppetlabs/docker module to manage my compose files/services (docker_compose resource definitions) for various application stacks. One of my compose-based application stacks is an nginx reverse proxy for a number of FQDNs. I'm writing a custom module to manage certificates using lego. My lego module loops over a list of domains and uses exec resources to create/renew the certificates. I'm struggling to figure out how to declare the dependencies between my lego module certificate creation and/or renewal with restarting my nginx stack. I'm trying to keep the modules as loosely coupled as possible. I've tried creating File resources for the certificates within the loop and subscribing the nginx docker_compose resource to the certificate File resources. I am getting errors from the nginx docker_compose that the File resources do not exist, presumably because they are dynamically generated in the loop and haven't been actualized yet? I've thought that somehow declaring the dependencies within my profiles is a better approach, but I haven't been able to wrap my head around how to declare a dependency in a class external to both the File or Docker_compose resources. I'm looking for suggestions on the best way to approach this situation. Should I give up the idea of loosely coupling the module? Is there a way to subscribe to resources that are dynamically created within a loop in a different module?

question ... i'm looking at https://help.puppet.com/pe/current/topics/certificate-authority-service-parameters.htm ... i hadn't realized that agent certs are only 90 days and are automatically re-issued, that is cool ... my question is, does the same thing happen for the CA certificate?

Hey everyone ! Trying to understand how the Puppet CA works. When I'm submitting a new CSR as an agent to the Puppet Master, how is the transaction secured ? Most importantly with which certificate ? As far as I'm aware, the certificate exposed by the Puppet Master server is not signed by a trusted CA by the agent (I think) for now. How does this not fail ?

is this an issue with Github, or with access to the modules? (same iwth

$ git clone git@github.com:voxpupuli/voxpupuli-release.git
Cloning into 'voxpupuli-release'...
ERROR: user:1710103:maxadamo
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I was typing: same with HTTPS. p.s.: one hour ago Codeberg was down. What's wrong today? 🙂

cloudflare was barfing early this morning

Github has issues again

finally they put something up https://www.githubstatus.com/incidents/5q7nmlxz30sk I was seeing weirdness with the web interface an hour ago

yuuup. Just tried an r10k and it failed spectacularly

question ...

puppet strings

generates a

doc/

directory with HTML documentation for the current module ... is there a way to take a collection of all

modules/*/doc/

directories and "combine" their content into a single set of HTML documentation for the entire "code base"?

That's what the puppet strings server can do.

And there is also https://www.puppetmodule.info/modules

is there any documentation about "the puppet strings server"? all i've ever seen is the output from

puppet strings server -h

, which is ... a bit sparse.

Yes that's it

okay ... i just ran

puppet strings server --modulepath $HOME/blah/

... it looks like it went through all the modules, the last thing it printed was

Starting YARD documentation server.

and then it dropped back to a command prompt ... when i try to access

<http://localhost:8808/>

it gets "connection refused", and

netstat -af inet

shows nothing listening on port 8808 ... when i've run similiar things in the past, it would generally print a URL and then wait for incoming connections, rather than dropping back to a command prompt ... did something go wrong and not print an error message?

I am quite sure it should run in foreground

it looks like it created a

doc/

directory, and looking at the files within that directory it looks like there are individual documentation files for each class, defined type, etc... but the

index.html

has "Puppet Class Listing A-Z" but only lists one class (which, coincidentally, looks like the last class it processed)

and actually, what i'm hoping for isn't a running "server" with the docs, but the collection of HTML/CSS/JS/etc. files that appears to be in that

doc/

directory, that i can upload to a directory on an internal web server, to act as static documentation for a specific "version" of the puppet code ... so to me, the broken indexes are a bigger problem than the "web server isn't running" thing.