is this an application config settings ng? make a template.

vscode extension says that it uses puppet-lint and yet the editor is unhappy with idents and latest puppet-lint is fine. Some setting is missing?

Different linter versions?

It seems extension bundles it. I don't see a way to tell it to use a new one

Hello, everyone. What is a recommended approach to cleaning up puppet code? I have tried puppet-lint with

--only-checks ghostbuster_classes,ghostbuster_files,ghostbuster_templates

, but, for some reason, not getting any results. I’m sure i have some unused templates, manifests, etc… My google search is not pointing to any else useful. Any suggestions? Thank you!

VoxBox is probably your best bet long term https://github.com/voxpupuli/container-voxbox. But I and many others are still using the latest public release of the PDK.

pdk validate

will run the linters, and adding

-a

will do autocorrect

Also the community Slack is more active and a better place to get feedback these days https://voxpupuli.org/connect/

Hey there... THis page: https://github.com/puppetlabs/puppetserver/tree/main/documentation says the osp docs have moved and links to a nonexistent location. Can we get a fix on that? I'm trying to retrieve super-old docs. Doing some research on balancing the front end, and recalled some 2-3.x days methods I wanted to look over.

Puppet Server, the Java Service, was like laaaate 3.x. So, might not be what you're looking for if 2.x is in the time frame.

2.x, and other early docs are here: https://github.com/puppetlabs/docs-archive/tree/main/puppet

I know I was using Apache + Passenger in 2.7. I still have the configs for it on disk.

Earliest I find here is 3.8, though…. that’s after the DB change.

HAHAHA! I’m a digital pack rat:

LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.26/build  out/apache2/mod_passenger.so
     PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.26
     PassengerDefaultRuby /usr/bin/ruby

  PassengerHighPerformance On
  PassengerMaxPoolSize 12
  PassengerPoolIdleTime 1500
  PassengerMaxRequests 1000
  PassengerStatThrottleRate 120

  Listen 8140

wow… this external drive has backups of old consulting machines long since gone. It’s a veritable archaeological dig

It's a lot easier to just huck it over to a subdirectory on long-term storage than to just delete it outright. What's fun, though? Pull in code from 2011 and run puppet-lint against it. 😄

evilest

Howdy all... I'm stumped and interested in some tips to track down how this is working. Environment: Puppetserver 7.17 and foreman 3.14. This year we've updated from old versions of Puppet... I think it was 2.7 (that was fun!) I have two hosts using a locally built proftpd module ages ago. The structure looks like it was developed with the PDK. (init and params manifests). There is a variable called $service_manage that controls if the proftpd service is managed (duh). These hosts are set up in different clusters and should have $proftpd::service_manage set to "false" so the cluster can manage it. I added a notify{} before $service_manage if statement and one one host it is "false" and another has it as the default "true". I can't find where it is being set to "false". I've confirmed it is being set in the host's catalog (not cached in the puppet client). Places I've looked: grep -ir service_manage /etc/puppetlabs/* (includes modules and hiera) foreman node parameters via the web foreman database parameters table Any idea where else to look? I wonder if the upgrades kept an old setting somewhere? I want to fix the old host, but not at the expense of the working one!

@rmeden you want to use "puppet lookup" on the puppetserver to check for hiera values

@Leon Ross has left the channel

Hello, i have a strange situation. I have Puppet sever open source 7 and i have RHEL 9 virtual machine (VM). On this VM i installed Puppet agent and it was working fine. Then this VM was moved to another network and its hostname was changed. Now when i logged into this VM, it's new hostname is "a-dfweq-pgk-001". I went to Puppet server and checked - there is no certificate for this hostname. Then i returned to client VM and stopped puppet service and removed /etc/puppetlabs/puppet/ssl directory completely and after that i executed "puppet agent -t". Usually it should make a new CSR and contact Puppet server to auto sign certificate. But right now i have next error:

a-dfweq-pgk-001 /etc/puppetlabs/puppet # puppet agent -t
Error: Connection to <https://d-dfweq-vua-011.example.com:8140/puppet-ca/v1> failed, trying next route: Request to <https://d-dfweq-vua-011.example.com:8140/puppet-ca/v1> failed after 0.005 seconds: Connection reset by peer - SSL_connect
Wrapped exception:
Connection reset by peer - SSL_connect
Error: No more routes to ca
Error: No more routes to ca

I can see that puppet agent didn't created certificates:

a-dfweq-pgk-001 /etc/puppetlabs/puppet # tree ssl
ssl
├── certificate_requests
├── certs
├── private
├── private_keys
└── public_keys

What interesting when i check on the client VM nslookup, ping, and nc -vz d-dfweq-vua-011.example.com 8140 everything is ok. I even checked tcpdump on Puppet server -> traffic is going ok in both directions. Also i checked SELinux, restarted puppetserver service, checked puppet.conf on client VM. Could you please help me to fix this issue? (also i was using ChatGPT to troubleshoot it, followed all suggestions and it is still not resolved)

Something terminates your connection. Maybe a firewall, load balancer, or http proxy

dumb question ... fact names all share a global namespace. what happens if multiple modules contain the same fact (i.e.

pdk new fact xyz

) ? ... common sense tells me that only one of them would end up in

/opt/puppetlabs/puppet/cache/lib/facter/

on the target machine (even if both are sent, one would overwrite the other), so only one would end up being executed ... i know the "correct" answer is "don't do that", but if somebody does, is there any way to know which one would end up existing on the target machine?

Hi everyone How can we manage this pull request on docker module ? https://github.com/puppetlabs/puppetlabs-docker/pull/965

what do you mean by "manage" it

Hi everyone, I’m building a proof of concept (POC) of Puppet and need to install PuppetServer on an EKS cluster. The server will run on my EC2 instances, and we’re using Puppet Open Source. I haven’t found consistent documentation about Puppet on Kubernetes. The only option I found is to run the PuppetServer on EC2 instances, which we don’t want. Since the official image in the Docker Registry is deprecated, and the Voxpuli Puppet Server image is too, I had to build a Dockerfile. https://hub.docker.com/r/puppet/puppetserver/ https://hub.docker.com/r/voxpupuli/container-puppetserver I noticed the official Puppet Server Helm Chart: https://github.com/puppetlabs/puppetserver-helm-chart, but some of its dependencies reference Bitnami images. Do you have any suggestions for alternatives to this? If you’ve faced a similar challenge (PuppetServer on a Kubernetes cluster) before, please share your experience and knowledge with me. Thank you so much.

@Jason St-Cyr Is there a way to get the puppetlabs-apt module to a better state? Ubuntu 24.04 isn't supported yet, neither Debian Trixie.

Hi everyone. I'm running open source Puppet version 7. I'm using the roles/profiles architecture to manage my configurations. I'm using the puppetlabs/docker module to manage my compose files/services (docker_compose resource definitions) for various application stacks. One of my compose-based application stacks is an nginx reverse proxy for a number of FQDNs. I'm writing a custom module to manage certificates using lego. My lego module loops over a list of domains and uses exec resources to create/renew the certificates. I'm struggling to figure out how to declare the dependencies between my lego module certificate creation and/or renewal with restarting my nginx stack. I'm trying to keep the modules as loosely coupled as possible. I've tried creating File resources for the certificates within the loop and subscribing the nginx docker_compose resource to the certificate File resources. I am getting errors from the nginx docker_compose that the File resources do not exist, presumably because they are dynamically generated in the loop and haven't been actualized yet? I've thought that somehow declaring the dependencies within my profiles is a better approach, but I haven't been able to wrap my head around how to declare a dependency in a class external to both the File or Docker_compose resources. I'm looking for suggestions on the best way to approach this situation. Should I give up the idea of loosely coupling the module? Is there a way to subscribe to resources that are dynamically created within a loop in a different module?

question ... i'm looking at https://help.puppet.com/pe/current/topics/certificate-authority-service-parameters.htm ... i hadn't realized that agent certs are only 90 days and are automatically re-issued, that is cool ... my question is, does the same thing happen for the CA certificate?