# puppet
  • g

    Gerard Ryan

    08/08/2022, 4:15 PM
    Ok, so when I use the ca_extend::check_ca_expiry plan against the CA it reports that the CA is set to expire on August 5th 2037. I updated the server from version 5.0.0 to 6.20.0 before I ran the ca_extend plan on Thursday evening. Prior to that, I put the Puppet file resource that manages the CA into the catalog three weeks beforehand.
  • g

    Gerard Ryan

    08/08/2022, 4:37 PM
    What the heck is Bolt reporting on and what did it take action on??
  • g

    Gerard Ryan

    08/08/2022, 4:40 PM
    These are completely conflicting realities. Bolt reports that the certificate is valid and good until 2037, whereas openssl says nothing has changed, except the expiration date has PASSED.
  • v

    vchepkov

    08/08/2022, 4:54 PM
    https://github.com/m0dular/ca_extend/blob/master/plans/extend_ca_cert.pp#L33
  • v

    vchepkov

    08/08/2022, 4:59 PM
    https://github.com/puppetlabs/ca_extend/blob/main/plans/extend_ca_cert.pp#L54-L58
  • g

    Gerard Ryan

    08/08/2022, 6:39 PM
    Hi puppet! I have a Foreman deployment whose CA was set to expire on Saturday and I fortunately was able to extend the CA certificate to 2037 using the ca_extend Bolt plan; however, while I did read the documentation and chose to distribute the CA via Puppet manifest, none of my agents can connect and they are reporting the CA has expired.
    • The primary puppetserver, the CA, was at puppetserver version 5.0.0 and was updated to version 6.20.0, prior to running the Bolt plan
    • An openssl s_client command run against the primary server on 8140 shows the cert as expired
    • Parsing the concatenated file with openssl (cat /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem | openssl x509 -noout -enddate) shows the certificate is valid until 2037
    • The puppetserver service has been restarted
    • There is no loadbalancer terminating any SSL traffic
    • The primary puppetserver's webserver.conf does not contain the certificate information it should 😞
    Looking for help on getting this resolved, thanks!
  • j

    Joost

    08/08/2022, 6:56 PM
    Does the Puppet File resource support resuming of partial downloads when source is https?
  • g

    Gerard Ryan

    08/08/2022, 10:14 PM
    I believe that when I updated puppetserver from 5.0.0 to 6.20.0, it did not receive an updated config, therefore webserver.conf, which holds the CA data, would be updated with the CA and it is not. I think this can be saved if I revert back to the certificate before I added regen_primary_cert=true. Is it possible to restore that config? I didn't back up the certificate directory 😞
  • g

    goeldi

    08/09/2022, 12:57 PM
    I had a working PE Server (latest version) and installed PAM following this guide. Now nothing works anymore. PE Console and PAM are not accessible even after reboot. The services are running though. The pam install script told me at the end, that I can now connect to http://127.0.0.1:8088 but this is not true (no firewall since tunnel etc.). Now how can I return to the previous state before this install script? Is there a way to uninstall? If not, I'll just reinstall the whole server since it is not yet productive.
  • r

    RyChannel

    08/09/2022, 1:11 PM
    Did you put PAM on the same server as PE?
  • y

    Yorokobi

    08/09/2022, 2:48 PM
    Or build an array of strings (['noexec','nosuid','nodev']) to append to $somevar = $facts['mountpoints']['/tmp']['options'] where each element of the array to append is itself added in separate steps.
  • m

    ma_garvo

    08/09/2022, 3:44 PM
    Hey, has anyone ever used a powershell script to restart a windows service? I've tried quite a few ways, it works on command line but not from the manifest. e.g.
    $restart_command = "C:/Windows/System32/WindowsPowerShell/v1.0/powershell.exe -executionpolicy remotesigned -file  ${facts['nsclient_installdrive']}${install_path}/scripts/nagios-agent-restart.ps1"

    service { $service_name:
      ensure     => running,
      enable     => true,
      hasrestart => true,
      restart    => $restart_command,
    }
  • u

    user

    08/09/2022, 9:23 PM
    Do you use any of these containers? (from https://hub.docker.com/r/puppet)
  • y

    Yorokobi

    08/09/2022, 10:30 PM
    I clearly haven't been able to wrap my head around map()/reduce(). The closest I've come ends up creating an array of arrays.
    $d = ['defaults']
    $with_map = $d.map |$p| { $d << 'nodev' }
    ## [['defaults','nodev']]
  • h

    helindbe

    08/10/2022, 7:34 AM
    If you want a comma separated string, then it is easy to produce it using the join() function. This function also does flattening. For example:
    $options = ['a', 'b']
    $extras = ['x', 'y']
    $result = join([$options, $extras], ',')
    will set $result to "a,b,x,y"
  • h

    helindbe

    08/10/2022, 7:39 AM
    If you want an array result simply do:
    $result = $options + $extras
    As I showed earlier, the + operator will append the elements of the right operand so you get ['a','b','x','y'] instead of ['a','b',['x', 'y']] which you would get if using the << operator.
  • j

    Jason Grammenos

    08/10/2022, 12:17 PM
    hello, does anyone know what this log in the puppetserver.log file is referring to
    2022-08-10T08:11:41.989-04:00 INFO  [async-dispatch-2] [p.s.a.analytics-service] Puppet Server Update Service has successfully started and will run in the background
    2022-08-10T08:11:41.989-04:00 INFO  [async-dispatch-2] [p.s.a.analytics-service] Not submitting module metrics via Dropsonde -- submission is disabled. Enable this feature by setting `dropsonde.enabled` to true in Puppet Server's config.
    what exactly is the puppetserver update service? and what is being updated?