That is what is used inside puppet to evaluate ERB.

ahhh, got it.

Looks like a broken puppet install, or everyone would suffer.

Does other templates work? (Looks like this happens before .erb is parsed though - when puppet is setting up for that).

Well, I did a full reinstall apt autoremove puppet-agent --purge and deleted a few folders and any box that run an upgrade is now getting this error. Any box that upgrades is getting this error now.

I can't get any erb file to pass. I keep getting the same error

The error is on the server.

ERB templates are compiled on the Puppetserver, not on the agents. This is a problem with the installation on your Puppetserver.

Oh that error isn't an issue on the node?

OH

ok I'll look at the server

message has been deleted

@tvaughan Do you know of another module which uses a remote KDC? If not, is there a way to get the puppet server to execute "something" when a new node connects?

May have to set up a remote kdc in my lab and give it a go. It's not entirely clear if the auto generation of keys relies on the kdc being the puppet master 🙄

@Tom Hilburn the server compliation failed because the compiler is using an older version of code than what was updated in the puppet-agent package. Make sure to restart puppetserver after updating its local puppet-agent package.

@tvaughan Looks like https://forge.puppet.com/modules/collectivemedia/krb5keytab will do the trick, but it's a bit old. I'll take a look and update you if I get anywhere. The other issue is creating a computer account in AD from the master...

This message was deleted.

This message was deleted.

See the

herculesteam-augeasproviders_apache

module at https://forge.puppet.com/herculesteam/augeasproviders_apache?src=slack&channel=puppet

Can anybody see what's wrong with this manifest (Puppet version 6.28.0, module herculesteam-augeasproviders_apache and _core is installed)?

apache_directive { "SetEnv":

ensure      => present,

args        => ["SSLProtocol", "-All +TLSv1.2 +TLSv1.3"],

args_params => 1,

target      => '/etc/apache2/mods-enabled/ssl.conf',

}

When I apply this, I get

Error: /Stage[main]/Main/Apache_directive[SetEnv]: Could not evaluate: Failed to save Augeas tree to file. See debug logs for details.

I also tried variants (apache_setenv, value instead of args etc.) BTW: the puppetlabs-apache module is not possible in this environment.

sounds like a permissions issue, any selinux or acls in play? what does the debug log say?

or AppArmor

lsattr on the file to make sure there are no extended attributes on the file like i to make it immutable

Using puppet v5 or higher, what are the pros/cons/gotchas of using an active/active puppet CA setup?

how would you build an active active CA?

Have 2 CA instances running behind a loadbalancer

it is a bit tricky to ensure voth CAs dont overwrite their files

usually people run active/passive

I seem to recall years ago something about cert serial numbers being an issue, but I wasn’t sure if that was still a thing

so you have a requirement for active/active?