https://www.puppet.com/community logo
Join Slack
Powered by
# puppet
  • v

    vchepkov

    05/09/2022, 12:58 PM
    puppet infrastructure
    face is a wrapper around bolt and it will show you bolt command syntax in help
  • v

    vchepkov

    05/09/2022, 12:58 PM
    Copy code
    puppet infrastructure run rebuild_certificate_authority --help
    puppet infrastructure run regenerate_master_certificate --help
  • v

    vchepkov

    05/09/2022, 12:59 PM
    Copy code
    puppet infrastructure run rebuild_certificate_authority --help
    puppet infrastructure run regenerate_master_certificate --help
  • g

    goeldi

    05/09/2022, 1:09 PM
    These two worked now. After the first (rebuild...) it told me:
    Rebuild_ca: Successfully rebuilt CA. Make sure to clean up local CA and CRL bundle on all of your agent nodes by running 'puppet infra run regenerate_agent_certificate' with 'crl_clean=true' setting
    Do I have to run regenerate_agent_certificate on the puppetserver or on the agents? Puppetserver, CA, DB are on the same linux host, all the agents are windows.
  • v

    vchepkov

    05/09/2022, 1:22 PM
    https://puppet.com/docs/pe/2019.8/regenerate_certificates.html#regenerate_agent_certs
  • v

    vchepkov

    05/09/2022, 1:23 PM
    It might not work if you can't ssh to every agent
  • g

    goeldi

    05/09/2022, 1:45 PM
    transport: winrm is not possible?
    🤷 1
  • s

    Slackbot

    05/09/2022, 2:30 PM
    This message was deleted.
    r
    j
    • 3
    • 11
  • s

    Slackbot

    05/09/2022, 4:56 PM
    This message was deleted.
    b
    • 2
    • 2
  • y

    Yorokobi

    05/09/2022, 4:57 PM
    classname::variablename
  • s

    Slackbot

    05/09/2022, 4:57 PM
    This message was deleted.
    r
    t
    • 3
    • 3
  • c

    CVQuesty

    05/09/2022, 5:05 PM
    I thought you weren’t supposed to do cross-module referencing <something something scope something>
  • r

    ragnarkon

    05/09/2022, 5:06 PM
    you’re not, but in this case I have a group of people that don’t want to use Hiera because they don’t want to use Git, so they want everything to be a class parameter they can set in the PE console.
    mindblown 1
  • r

    ragnarkon

    05/09/2022, 5:06 PM
    So I’m basically having to break my module to allow them to avoid Hiera.
  • c

    CVQuesty

    05/09/2022, 5:07 PM
    I mean, you’re not supposed to:
    Copy code
    Assign variables using their short name within their own scope. You cannot assign values in one scope from another scope. For example, you can assign a value to the apache::params class's $vhostdir variable only from within the apache::params class.
  • c

    CVQuesty

    05/09/2022, 5:07 PM
    you might run into some pain in variable munging
  • c

    CVQuesty

    05/09/2022, 5:09 PM
    And TBH, that’s a hard line for me. If I’m a System Admin/Engineer, (automation engineer), I set the parameters under which you’re allowed to put data on the systems I’m responsible for. You use Git, or you find another job.
  • c

    CVQuesty

    05/09/2022, 5:09 PM
    That’s outlandish.
  • r

    ragnarkon

    05/09/2022, 5:10 PM
    I do not disagree at all. The TL;DR is I set up a compete set of base roles/profiles for our public cloud instances, and i’ve been asked to hand my modules over to another team so I can move on to bigger and better things. That other team doesn’t want to use Git to manage things and doesn’t like roles and profiles because they find it hard to customize specific instances with roles/profiles through the PE console.
  • r

    ragnarkon

    05/09/2022, 5:10 PM
    I do not disagree at all. The TL;DR is I set up a compete set of base roles/profiles for our public cloud instances, and i’ve been asked to hand my modules over to another team so I can move on to bigger and better things. That other team doesn’t want to use Git to manage things and doesn’t like roles and profiles because they find it hard to customize specific instances with roles/profiles through the PE console.
  • r

    ragnarkon

    05/09/2022, 5:11 PM
    so I’m basically splitting apart my roles and profiles into individual modules, but it also pains me to do it, so I’m at least trying to keep the profiles themselves together for my own personal sanity.
  • b

    bastelfreak

    05/09/2022, 5:12 PM
    😞
  • r

    ragnarkon

    05/09/2022, 5:14 PM
    I guess what I should do is hand it to them and walk away…. but I just… can’t bring myself to do that since I’ve spent the last 3 years of my life managing all of this.
  • b

    bastelfreak

    05/09/2022, 5:16 PM
    so you need to decide between walking away knowing that they will ruin it afterwards vs you ruin it and they will ruin it further afterwards?
  • b

    bastelfreak

    05/09/2022, 5:16 PM
    pick option 1
    💯 2
  • y

    Yorokobi

    05/09/2022, 5:17 PM
    Channeling my wife, "So, you want to take this product that was created according to best/better practices and break it apart into worst practice components because you're too lazy to learn how to do it right?"
  • c

    CVQuesty

    05/09/2022, 5:19 PM
    I would archive off your work to have a HUGE CYA fallback, save off and archive everything you need to put the server back (including a snapshot if necessary), and then hand over the keys and walk away. Officially state in writing that any version of “helping” in the future would include restoring everything back to how it was when you handed it over before beginning troubleshooting. Also note in the handover documentation that deviating from the Puppet official prescribed best practices constitutes placing the company in a precarious position you do not agree to support. Wash your hands, but cover your butt.
  • r

    ragnarkon

    05/09/2022, 5:23 PM
    ugh, well I know ya’ll are right, just very frustrating
  • c

    CVQuesty

    05/09/2022, 5:24 PM
    And if you’re moving up to bigger/better, perhaps your leadership should be apprised of the problems and you make it clear to them that you don’t agree to support the product if Puppet best practices are not followed.
  • t

    tvaughan

    05/09/2022, 5:26 PM
    Honestly, the rift between hiera and the console has always been a huge issue
1...272829...428Latest