Hey, I stumbled across this code snipped in my company's puppet code, which I find confusing:

if ($::hostname =~ 'web') {
  $notify_web=Service['apache2']
}

file { '/some/file':
  ensure  => file,
  notify  => $notify_web,
}

Puppet executes just fine on hosts not starting with "web". Is this expected behavior? I would consider this a bug and bad code.

Hey, I stumbled across this code snipped in my company's puppet code, which I find confusing:

if ($::hostname =~ 'web') {
  $notify_web=Service['apache2']
}

file { '/some/file':
  ensure  => file,
  notify  => $notify_web,
}

Puppet executes just fine on hosts not starting with "web". Is this expected behavior? I would consider this a bug and bad code.

it's bad code when $notify_web isn't always defined

and you can configure in puppetserver if it should log a warning for undefined variables or abort catalog compilation (I highly recommend it)

alright, thanks! I will have a look at this setting

Hi - I’m building an open source puppet 7 server environment, with a primary server and a compile master - I want to install puppetDB on both and have a single separate host running the postgres DB Looking at the documentation for the puppetlabs / puppetdb module on the forge it would seem to ‘just’ be a case of using puppetdb:master:config and puppetdb::server classes on the primary/compile hosts and puppetdb:database:postgresql for the DB host - which I think seems clear enough. What I’m stuck with understanding is if I want to use SSL .. it talks about adding params to the classes including setting puppetdb_server for the puppetdb:database:postgresql class to puppetdb_host - in my environment I potentially have multiple puppetDB hosts - so do I supply an array of names to puppetdb_server ?? Or do I need to do something different ?

so, I would use just the local node's puppetdb if you're sharing the db backend

just know when you upgrade the puppetdb version you'll need to do it from a single node

likely with puppetdb offline

PuppetDB pretty much always uses SSL. That’s why when putting it into RDS or Aurora you have to create a custom parameter to turn on SSL in RDS

This right here:

Setup A Parameter Group to allow SSL termination on the PostgreSQL Server
In the left hand column, click "Parameter Groups"
- Click the "Create parameter Group" button
- In the "Parameter Group Family" drop-down, choose "postgres11"
- Under "Group Name" enter "PuppetDB"
- Under "Description" enter "PuppetDB"
  - Click the "Create" button
Once the interface shows the puppetdb Parameter group, click on the link "puppetdb"
- In the "Parameters" search box, search for "ssl"
- Click the orange "Edit Parameters" button.
- Scroll down to "rds.force_ssl". Change the value from "0" to "1" to allow SSL
- Scroll back to the top and click the orange "Save Changes" button.
Apply the new parameter group to the instance
- Click "Databases" in the left column
- Click the text "puppetdb" to bring up the configuration
- click the "Modify" button
Scroll down to the section titled "Additional Configuration
- In the "DB Parameter Group" section choose "puppetdb" from the drop-down
- Scroll to the bottom of the page and click the "Continue" button.
In the "Scheduling of Modifications: section on the next page, select "Immediately" for applying the new parameter group.
Scroll to the bottom and click "Modify DB Instance"

Now your infrastructure should be in place to start building Puppet.

That’s a little older interface in AWS, but still applies…. you just have to find where they moved an option or two. I used this procedure not a month ago to stand up PuppetServer in AWS (Community) with an RDS backend and load balanced compilers

Not sure I follow …. we will have a multiple puppet servers each of which runs puppetserver and puppetDB - and a separate host with postgres on it … If we want to use SSL for the connections from puppetDB and postgres then we have to specify puppetDB hostname for the parameter puppetdb_server in the class puppetdb:database:postgresql - we will have multiple puppetDB hosts so I’m wondering how we specify that

Yeah, I need to update that runbook. Git Blame CVQuesty

This message was deleted.

never needed it before?

@Lumiere could you explain further ? replicating my comment as I forget to add your name earlier .. sorry …. Not sure I follow …. we will have a multiple puppet servers each of which runs puppetserver and puppetDB - and a separate host with just postgres on it … If we want to use SSL for the connections from puppetDB and postgres then we have to specify puppetDB hostname for the parameter puppetdb_server in the class puppetdb:database:postgresql - we will have multiple puppetDB hosts so I’m wondering how we specify that

sorry, so, you want to setup puppetdb:database:postgres on a single puppetdb node

I've not done this in a while... but the gist is, one node to manage the database, the other node you just need to make sure the pg_hba rules and the right subset of the puppetdb server configuration are configured

thanks - from my reading of the doc for the puppetdb module on the forge you can set up the config across multiple nodes - I want to have a node that only runs the postgresql (no puppetDB software at all) and put the puppetDB (software) elements onto multiple puppet servers

Because we want to switch on SSL for the connections the docs on the module says that the puppetdb_server parameter must be supplied when using the puppetdb:database:postgresql class to set up the postgres server, I will have two (or more) puppet servers running puppetdb will all need to be added in the param (which seems to be expecting a string not an array - although I could be wrong)

that is for sure doable

let me go look at that documentation

thanks much appreciated

set it to the primary puppetdb_server and then call https://github.com/puppetlabs/puppetlabs-puppetdb/blob/main/manifests/database/postgresql_ssl_rules.pp from the other

set it to the primary puppetdb_server and then call https://github.com/puppetlabs/puppetlabs-puppetdb/blob/main/manifests/database/postgresql_ssl_rules.pp from the other

if that fails, there's something about configuring ssl certificates in https://github.com/puppetlabs/puppetlabs-puppetdb/blob/main/manifests/database/ssl_configuration.pp that will have to be done

if that fails, there's something about configuring ssl certificates in https://github.com/puppetlabs/puppetlabs-puppetdb/blob/main/manifests/database/ssl_configuration.pp that will have to be done

but neither of those will take both servers at the same time

Ok thanks - I’ll have a look, thanks again for the help