Hi All Do someone know how to install pdk in windows?

I found a curl command were it's looking for api key which I'm not sure

@Navester: Is the curl command you have for downloading from the artifacts URL? The API key in that case is likely asking for your Forge API key set on your account to authenticate to the Forge. Have you tried to download the Windows version from the download site? https://forge.puppet.com/resources/pdk Once you have package downloaded you should be able to double-click the package to run the installer. Installation instructions are here: https://help.puppet.com/pdk/current/topics/install_pdk_windows.htm

While I click download it asks for username and password .May I know which credential is required here . I remember I was able to install the same on my personal laptop long back without any credentials . Can you please here @Jason St-Cyr

@Navester: The docs I linked have the instructions you'll want for the username and password. Short version: Use either your license ID as the password (if you are a customer paying for the software) or use your Forge API key as the password if want to auth with your Forge account. This will be similar to how you would use curl, as well. The latest versions of PDK are now licensed so require either a paid license or an acceptance of the Forge EULA for free use.

Thanks Jason

just curious… I haven’t worked with PE in awhile. Why were the code directories moved to subdirectories under /etc/puppetlabs/puppetserver? And then, why is everything in those a symlink? This seems considerably more convoluted than it has to be.

Note: this was set up by a Puppet Employee

That's the new lockless deploy setup from code manager. The new location makes it easier for in place updates from not-lockless to lockless

The symlinks are the bit that allows the lock to be removed. The target of a symlink can be updated in 1 atomic filesystem operation, so that allows for deploying updates without holding a lock that blocks other work.

so the entire code-staging => code dance is gone?

code-staging still exists

Nope, that's still there. Just

code/

is no longer the end point of the pipeline because that part of the workflow was completely changed.

@tuxmea it’s just not where it used to be, and isn’t obvious to me at the moment (while I explore this beast)

I misspoke… code-staging exists where it always has, but the code sitting right along side it doesn’t do what I thought it does.

code/

is no longer used. Ignore it.

hehe… well, puppet-enterprise-installer, DONT CREATE IT! 😄 😄 😄

For,

$reasons

,

puppet-agent

requires at least an empty

production/

directory or it freaks out a bit.

now I have modules and environments directories which are phantoms

I guess it doesn’t matter… I’m the admin, so I don’t have to worry about other folks tripping on it, it’s just an unexpected evolution of the process

Yup, these sorts of changes will happen from time to time. Versioned deployment has been under development for quite a few years and was promoted to "default" in the 2023.8.0 release.

And that’s what we’ve got here.

looks like the PDK templates still have issues?

pdk (ERROR): Unable to find a branch or tag named "3.3.0"

To be precise, the agent needs the a folder for the configured environment. It doesn't have to be production.

But to be safe, you want production too as that is the default of defaults 😜

Yeah :D

THIS is why Luke perpetually owes me a beer.

I am trying to implement these two iptables rules:

iptables -I INPUT -p icmp --icmp-type timestamp-request -j DROP
iptables -I OUTPUT -p icmp --icmp-type timestamp-reply -j DROP

I did check https://github.com/puppetlabs/puppetlabs-firewall/blob/main/lib/puppet/type/firewall.rb#L46 and it seems this is supported. We, as probably others, use firewall_multi and define our rules in hiera. In Hiera it looks like this:

'973 DROP ICMP TIMESTAMP REQUEST':
    jump: 'drop'
    chain: 'INPUT'
    proto: 'icmp'
    icmp_match: 'timestamp-request'
  '974 DROP ICMP TIMESTAMP REPLY':
    jump: 'drop'
    chain: 'OUTPUT'
    proto: 'icmp'
    icmp_match: 'timestamp-reply'

When I apply this on a node I get

Firewall_multi[973 DROP ICMP TIMESTAMP REQUEST]: has no parameter named 'icmp_match'

. What am I doing wrong here? Funny enough, we do have rules that use other features listed there which work flawlessly:

'970 LOGDROP icmp':
    jump: 'LOG'
    log_prefix: 'LOGDROP-ICMP '
    chain: 'INPUT'
    proto: 'icmp'
    limit: '5/min'
  '971 LOGDROP tcp':
    jump: 'LOG'
    log_prefix: 'LOGDROP-TCP '
    log_tcp_sequence: true
    chain: 'INPUT'
    proto: 'tcp'
    tcp_flags: 'FIN,SYN,RST,ACK SYN'
    limit: '5/min'
  '972 LOGDROP udp':
    jump: 'LOG'
    log_prefix: 'LOGDROP-UDP '
    chain: 'INPUT'
    proto: 'udp'
    limit: '5/min'
  '999 drop all':
    jump: 'drop'
    proto: 'all'

A GitHub wide search wasn't any help either https://github.com/search?q=path%3A*.pp+OR+path%3A*.yaml+icmp_match&type=code

Solved it. It should've been

icmp

instead of

icmp_match