# puppet
- a
Allahshukur Ahmadzada
05/06/2022, 11:10 AMthere is one problem, it does not restart service but overall puppet returns corrective status, in perfect world I have to make it return failed state so we understand and correct config - b
bastelfreak
05/06/2022, 11:11 AMI think perfect would be to not update the config file at all if the new content isn't valid - a
Allahshukur Ahmadzada
05/06/2022, 11:12 AMI started to get your point - a
Allahshukur Ahmadzada
05/06/2022, 11:13 AMonly thing bothers me there are multiple configs which gets merged, not sure it is gonna be okay to use validate_cmd - a
Allahshukur Ahmadzada
05/06/2022, 11:14 AMthere could be different scenarios that this could be buggy - m
Massimiliano (Max)
05/06/2022, 11:17 AM - m
Massimiliano (Max)
05/06/2022, 11:18 AM - m
Massimiliano (Max)
05/06/2022, 11:18 AM - a
Allahshukur Ahmadzada
05/06/2022, 11:26 AMokay tried validate_cmd. looks like check command should be run againts file like "check -f filename" but pdns_check does not work like that it checks all existing configurations on their place. This what happened if I used "check" in validate_cmd, added buggy config and it did change configuration (supposed not to change it) and then when I tried to correct config it failed because check returned false - a
Allahshukur Ahmadzada
05/06/2022, 11:27 AMso validate_cmd checks againts file, if check mechanism checks files on their original place it does not work, am I mistaken? - a
Allahshukur Ahmadzada
05/06/2022, 12:00 PMdoes hiera-eyaml works with PE? - b
bastelfreak
05/06/2022, 12:01 PMyes - a
Allahshukur Ahmadzada
05/06/2022, 12:10 PMdid you used it to encrypt rsa key? - b
bastelfreak
05/06/2022, 12:23 PMI used it for all sorts of things, probably also rsa keys - a
Allahshukur Ahmadzada
05/06/2022, 12:46 PMactually we can use PE configuration section to add sensitive data right? so does people normally use eyaml with PE? - a
Allahshukur Ahmadzada
05/06/2022, 12:47 PMlike we do not need hiera-eyaml to hide sensitive data from vsc if we use PE? I try to figure out what most people do - h
hbui
05/06/2022, 12:56 PM - a
Allahshukur Ahmadzada
05/06/2022, 1:21 PMI check this doc, for example this doc does not exist on Enterprise section - a
Allahshukur Ahmadzada
05/06/2022, 1:21 PMsimple question how most people handle sensitive data while using Puppet Enterprise, it is about what majority does - y
Yorokobi
05/06/2022, 1:23 PMI use eyaml the same with PE as open source Puppet. - b
bastelfreak
05/06/2022, 1:23 PMI use eyaml and vault - h
hbui
05/06/2022, 1:27 PMall of that info in the URL applies to PE too - a
Allahshukur Ahmadzada
05/06/2022, 1:36 PMthank you, I think I have to get my hands dirty to undestand well - s
Sam
05/06/2022, 2:26 PM@hbui I have changed 2 values in sshd_config file using above manifest, Getting below error:Copy codeNotice: /Stage[main]/Cem_linux::Utils::Packages::Linux::Ssh/Cem_sshd_config[AllowTcpForwarding]/value: value changed ['no'] to ['yes'] (corrective) Info: /Stage[main]/Cem_linux::Utils::Packages::Linux::Ssh/Cem_sshd_config[AllowTcpForwarding]: Scheduling refresh of Exec[abide_reload_sshd] Notice: /Stage[main]/Cem_linux::Utils::Packages::Linux::Ssh/Cem_sshd_config[MaxStartups]/value: value changed ['10:30:100'] to ['100'] (corrective) Info: /Stage[main]/Cem_linux::Utils::Packages::Linux::Ssh/Cem_sshd_config[MaxStartups]: Scheduling refresh of Exec[abide_reload_sshd] Notice: /Stage[main]/Cem_linux::Utils::Packages::Linux::Ssh/Exec[abide_reload_sshd]/returns: sshd.service is not active, cannot reload. Error: /Stage[main]/Cem_linux::Utils::Packages::Linux::Ssh/Exec[abide_reload_sshd]: Failed to call refresh: 'systemctl reload sshd' returned 1 instead of one of [0] Error: /Stage[main]/Cem_linux::Utils::Packages::Linux::Ssh/Exec[abide_reload_sshd]: 'systemctl reload sshd' returned 1 instead of one of [0] Info: Class[Cem_linux::Utils::Packages::Linux::Ssh]: Unscheduling all events on Class[Cem_linux::Utils::Packages::Linux::Ssh] - j
josh
05/06/2022, 3:54 PMWe fixed the "store state forever" issue in https://tickets.puppetlabs.com/browse/PUP-3647 By default
but can be shortened if neededstatettl=32d - s
Slackbot
05/06/2022, 5:02 PMThis message was deleted.ns+3- 6
- 35
- a
acidprime
05/06/2022, 5:27 PMWorse case you could aggregate the existing fact and the new data point together in the structure you want - a
acidprime
05/06/2022, 5:37 PMBut I bet inside the blockCopy code
Would be the original networking fact and then the facter cli/puppet would read your aggregate ? at least that would be the theory as by nature aggregates would have to be eval'ed after other facts and thus would override them. I know back in the day top scope vars could override facts from an ENC so overrides didn't used to break anything in a given namespaceFacter.value(:networking) - k
Kwadster
05/06/2022, 6:08 PMDoes anyone know what this means? I keep getting this error sporadically.I have .pp file that mounts disk.When i check the disks are successfully mounted. So not sure where the errors keep coming fromCopy codeError: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Could not autoload puppet/type/mount: /etc/puppetlabs/code/modules/mount_core/lib/puppet/type/mount.rb:276: syntax error, unexpected tDOT elsif resource[:device]&.match(%r{^[^/]+:/}) ^ at /etc/puppetlabs/code - b
bastelfreak
05/06/2022, 6:10 PMI bet you're on a EoL Puppet version and the ruby code in that file isn't compatible with your ruby interpreter