This message was deleted.

AFAIK: there is no (yet) implementation for adding users to gitlab using puppet. But gitlab can also make use of an LDAP.

We use Code manager with gitlab for code. What I was saying is using hiera on gitlab server to add and remove system users on managed linux nodes. Not to manage gitlab access

We use Code manager with gitlab for code. What I was saying is using hiera on gitlab server to add and remove system users on managed linux nodes. Not to manage gitlab access I saw module on puppet forge. Now I wonder if its better to manager user on gitlab using hiera file or use classification on puppet console

This message was deleted.

So you have an Ubuntu primary, and an ubuntu normal agent, thats installed and working correctly? and you cant orchestrate it, the logs on the agent looks like it is connected to a broker, does it stay connected or does it constantly reconnect?

Hi How is this certificate used ?

# openssl x509 -in /etc/puppetlabs/puppet/ssl/certs/console-cert.pem -enddate -noout
notAfter=Oct  9 12:02:47 2022 GMT

We use

puppet_enterprise::profile::console::browser_ssl_cert

so not sure if this certificate needs to be renewed or not

hmm, this document suggests to remove these parameters

any idea why?

I’m not sure why exactly we went the route of telling people to rename their cert/key to

console-cert

rather than using those

puppet_enterprise

parameters. If you have those parameters set, though, I believe that ends up being an unused cert/key in that directory.

yep, but it is still used in the manifest unconditionally. I think I will just follow first half of the document, i.e. replace content with custom cert

Yeah, I think mostly for setting permissions on the files. If you manage that manually (and bounce the services after you do), it should be okay. We should really change that to use the profile parameters, probably.

Maybe easier to follow the docs and not think about it, though. Be aware, though, that on a replica promotion, it gets regenerated automatically.

That's one of the reasons we use hiera instead, to deploy files to primary/replica via puppet. Can't use console-cert due to resource conflict, puppet manages this file unconditionally

so that document doesn't follow puppet pattern if you ask me

Yeah, that’s not super great that we do that 😕

same with license file by the way, need two runs to deploy it and not make PE to choke

This message was deleted.

What does this error from facter during a puppet agent run mean? I started getting this after upgrading from 2021.5 to 2021.7

Warning: Facter: Error in fact 'pe_status_check.S0022' when checking license type: undefined method `include?' for nil:NilClass

hey @KevinR! Yeah this likely only to occur on a malformed licence.key file, i though i had all those handled, would it be possible to share, obfuscated if needed the structure of your licence file

This message was deleted.

we're not yet sure if we want to use that, for generic/hardware monitoring we've usually other tools. Would you accept a PR that makes the list of dashboards in https://github.com/puppetlabs/puppet_operational_dashboards/blob/a70d44f589e2d52b9eb5c9dad96ddeb5d09c06ec/manifests/profile/dashboards.pp#L146 configureable?

Cant think why not, looks like a simple change as well

This message was deleted.

Me again! I'm planning a PE upgrade from 2019->2021. Docs mention that I can run the installer and it will upgrade the environment. Has someone experience with that or do you recommended spinning up a systems and then pointing the agents to that? And if I spin up a new env, what would be the best way to keep all the puppetdb/orchestrator data?

https://puppet.com/docs/pe/2021.7/upgrading_pe.html#upgrading_pe There's some warnings about disk space due to the postgres upgrade and warnings about agent support that's been dropped but I know customers have gone through the upgrade and it works fine. Making sure https://forge.puppet.com/modules/puppetlabs/pe_status_check checks are clean really helps. If you use PEADM you can use https://github.com/puppetlabs/puppetlabs-peadm/blob/main/plans/upgrade.pp to make it even easier and a lot of customers are taking that on now. PEADM has a convert https://github.com/puppetlabs/puppetlabs-peadm/blob/main/plans/convert.pp to take on non-PEADM managed infrastructures too,

It would mean installing large infrastructures with multiple OS’s would require either the installer to be larger, to distribute all the variations, or a pre install staging step