Hello, i have a question. I'm working in company that has on-premise (VMware) and AWS environments. RHEL 8 and RHEL 9 is used. Company has "Golden" image/template for on-premise RHEL8, where it has 1 bug. Pretty much like this: 1/ AWS RHEL8 (not affected) RHEL9 (not affected) 2/ On-premise VMware RHEL8 (affected ⚠️ ) RHEL9 (not affected) I kind of want to write next logic:

if dig($facts, 'virtual') == 'vmware' and $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '8' {
    if Deferred('file', ['/etc/yum.repos.d/microsoft-prod.repo']).exist? {
      file_line { 'microsoft_repo_gpgcheck':
        ensure => present,
        path   => '/etc/yum.repos.d/microsoft-prod.repo',
        line   => 'gpgcheck=1',
        match  => '^\s*gpgcheck\s*=.*$',
      }
    }
  }

Basically what makes me somewhat upset is case when in future this file will no longer be there, and from what i remember if file is absent but file_line resource will look for it it will pretty much make "puppet agent -t" fail with ERROR 500 because catalog won't be compiled. I started asking Microsoft Copilot and it gave me code above using "Deffered" to check if file exists on filesystem and only then try to apply "file_line". But Google Gemini says that it will not work and that is not how Deffered is used and pushing me towards using module from Forge with "deffered" in its name. Could someone advice, would code above work? Or what you advice in general for my use case?

IMO: you should know which nodes need that repo, and then use puppet to manage the whole repo. for example with the puppet/yum module

Hmm, sounds like good idea, thanks, will look into it

@josh can you take a quick look at https://github.com/voxpupuli/beaker-hostgenerator/pull/440 ?

Hi all, I use something simmilart to this blog to renew agent certificates under puppet http://www.watzmann.net/blog/2014/06/puppet-autosign-policy.html, it works until Puppet7, after I upgrade to puppet8 it doesnt work anymore,

puppet config print --section master autosign
/usr/local/bin/autosign-psk

how can I verify why its nor working ? In logs puppetserver.log I dont see any errors about that.

What isn't working?

The command itself? The script?

And the master section is deprecated, server is the successor

Hi team need small info

Is there any way can I get all used resources from the master server

How can I get What all resources used in the code?

How can we get a complete list of puppet managed resources? From master server

you can check for puppet resources in puppetdb

Can you please share commands

why do you need those information?

I need to check what all resources we are using in our environment

do you want to know which resources are managed on the puppetserver, or do you want to query all managed resources on all nodes, but run the query on the puppetserver?

I need all the resources we are using in the existing puppet code

I need to check all managed resources on all nodes , but run the query on the master server

When I ran puppet resource --types getting Same resources on master as well node

Till now what all resources we used to write the code want to know

puppet resource --types

only gives you a list of all types that Puppet can manage

each agent writes a resources.txt with all managed resources. You can also query the PuppetDB API to get a list of all managed resources from the last catalogs

Can you please share puppetdb api command

https://help.puppet.com/pdb/8/topics/resources.htm this is the API documentation

@josh could you take a look at https://github.com/voxpupuli/beaker-hostgenerator/pull/440 please?

quick question: when the compiler sends the catalog to the agent, is the

resources[]

list within the catalog in the exact order that the agent will check/enforce the resources? or does the agent go through what it receives, resolve the dependences, and convert it from an "un-ordered list" to an "ordered list"? ... i've always assumed it was the latter (i.e. agent resolves dependencies) but i'm being asked for a definitive answer now.

It appears that puppet agent service changes ownership of the cache directory from root to puppet. Any way to prevent that? Didn't find anything obvious in puppet config

How long does it take for a PDK release and its release notes to sync up? I see 3.6.0 is available but docs don't have it yet.

question ... the team that manages our production machines (i.e. at client sites) came to me earlier with an issue where the agent is taking almost five hours to finish (where the normal time is 45-120 seconds, depending on hardware) ... they sent me the output of

puppet agent -t --debug

, and it turns out the problem is one

file

resource with

ensure => directory

and

recurse => true

, where that directory tree on the target server contains about 450K individual files (this is an expected condition, but it's something that our QA people aren't testing) ... the debug logs show that the agent is looking up the expected SELinux (user, role, type, range) for EVERY SINGLE FILE, apparently so it can check/fix every single file