https://www.puppet.com/community logo
Join Slack
Powered by
# puppet
  • v
    puppet infrastructure
    face is a wrapper around bolt and it will show you bolt command syntax in help
  • v
    Copy code
    puppet infrastructure run rebuild_certificate_authority --help
puppet infrastructure run regenerate_master_certificate --help
  • v
    Copy code
    puppet infrastructure run rebuild_certificate_authority --help
puppet infrastructure run regenerate_master_certificate --help
  • g
    These two worked now. After the first (rebuild...) it told me: 
    Rebuild_ca: Successfully rebuilt CA. Make sure to clean up local CA and CRL bundle on all of your agent nodes by running 'puppet infra run regenerate_agent_certificate' with 'crl_clean=true' setting
    Do I have to run regenerate_agent_certificate on the puppetserver or on the agents? Puppetserver, CA, DB are on the same linux host, all the agents are windows.
  • v
  • v
    It might not work if you can't ssh to every agent
  • g
    transport: winrm is not possible?
    🤷 1
  • s
    This message was deleted.
    r
    j
    • 3
    • 11
  • s
    This message was deleted.
    b
    • 2
    • 2
  • y
    classname::variablename
  • s
    This message was deleted.
    r
    t
    • 3
    • 3
  • c
    I thought you weren’t supposed to do cross-module referencing <something something scope something>
  • r
    you’re not, but in this case I have a group of people that don’t want to use Hiera because they don’t want to use Git, so they want everything to be a class parameter they can set in the PE console.
    mindblown 1
  • r
    So I’m basically having to break my module to allow them to avoid Hiera.
  • c
    I mean, you’re not supposed to:
    Copy code
    Assign variables using their short name within their own scope. You cannot assign values in one scope from another scope. For example, you can assign a value to the apache::params class's $vhostdir variable only from within the apache::params class.
  • c
    you might run into some pain in variable munging
  • c
    And TBH, that’s a hard line for me. If I’m a System Admin/Engineer, (automation engineer), I set the parameters under which you’re allowed to put data on the systems I’m responsible for. You use Git, or you find another job.
  • c
    That’s outlandish.
  • r
    I do not disagree at all. The TL;DR is I set up a compete set of base roles/profiles for our public cloud instances, and i’ve been asked to hand my modules over to another team so I can move on to bigger and better things. That other team doesn’t want to use Git to manage things and doesn’t like roles and profiles because they find it hard to customize specific instances with roles/profiles through the PE console.
  • r
    I do not disagree at all. The TL;DR is I set up a compete set of base roles/profiles for our public cloud instances, and i’ve been asked to hand my modules over to another team so I can move on to bigger and better things. That other team doesn’t want to use Git to manage things and doesn’t like roles and profiles because they find it hard to customize specific instances with roles/profiles through the PE console.
  • r
    so I’m basically splitting apart my roles and profiles into individual modules, but it also pains me to do it, so I’m at least trying to keep the profiles themselves together for my own personal sanity.
  • b
    😞
  • r
    I guess what I should do is hand it to them and walk away…. but I just… can’t bring myself to do that since I’ve spent the last 3 years of my life managing all of this.
  • b
    so you need to decide between walking away knowing that they will ruin it afterwards vs you ruin it and they will ruin it further afterwards?
  • b
    pick option 1
    💯 2
  • y
    Channeling my wife, "So, you want to take this product that was created according to best/better practices and break it apart into worst practice components because you're too lazy to learn how to do it right?"
  • c
    I would archive off your work to have a HUGE CYA fallback, save off and archive everything you need to put the server back (including a snapshot if necessary), and then hand over the keys and walk away. Officially state in writing that any version of “helping” in the future would include restoring everything back to how it was when you handed it over before beginning troubleshooting. Also note in the handover documentation that deviating from the Puppet official prescribed best practices constitutes placing the company in a precarious position you do not agree to support. Wash your hands, but cover your butt.
  • r
    ugh, well I know ya’ll are right, just very frustrating
  • c
    And if you’re moving up to bigger/better, perhaps your leadership should be apprised of the problems and you make it clear to them that you don’t agree to support the product if Puppet best practices are not followed.
  • t
    Honestly, the rift between hiera and the console has always been a huge issue
1...272829...428Latest