But, personally, I don't like mixing code and data, and hostname is data

I'm playing with a new role in the control repo's site.pp

I prefer cert extensions

if $trusted['extensions']['pp_service'] {
    contain $trusted['extensions']['pp_service']
  } else {
    include corp::role::server
  }

I'm not set up with additional bits in the certs.

if you base your decision on a hostname, make a fact for it

noooo

well, as an alternative 🙂

the agent can fake its facts. don't use facts for classification

still better then hardcoding host names into manifest

lets agree on that both approaches are bad? 😄

I use certs

it's really not a big deal to set it up

yep

Hi i have a bigger problem, i get now this message if node.rb execution is activated with puppet 7 "During fact upload occured an exception: SSL_connect returned=1 errno=0 state=error: sslv3 alert certificate unknown Serving cached ENC: Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=error: sslv3 alert certificate unknown" it seems from my foreman-WebUI that since 10 days no new Systems can´t upload reports to foreman which causes not execution of puppet-runs. I am using puppet 7 (opensource) - latest version - puppetserver-7.17.3 / puppet-agent-7.34.0-1.el7 / puppetdb-7.20.1-1 / foreman-3.3.1-1 / foreman-proxy. checked the certificates, they are valid till 2028 / 2033. 2x puppetserver. 1x puppetdb, 1x foreman - VMs + managed postgresql-DB - all hosted in Microsoft Azure. i am after 3 hours of searching out of options, thats why i would like to try my like here in the community. Thx in advance.

Hi, I have a strange issue on an agent in version 7.34 on Debian 12 : I run a deferred command on it (this one : https://github.com/puppetlabs/puppetlabs-mysql/blob/main/manifests/server/root_password.pp#L35C1-L35C85 ) and it fail to do the job. It work correctly on all other agent I have and if I remove Deferred in the module : it work. So I'm sure that the problem is on my agent. As symptom, I have an error in /opt/puppetlabs/puppet/cache/state/transactionstore.yaml :

Mysql_user[root@localhost]:
    parameters:
      ensure:
        system_value:
        - :present
      password_hash:
        system_value:
        - !ruby/string:Puppet::Util::Execution::ProcessOutput "*CORRECTHASHOFFUSCATE"

I try to remove all /opt/puppetlabs/puppet/cache and remove all the agent and reinstall whitout success. I have no more idea to correct this (maybe reinstall all the server begin to be an option)

indeed Modules Team is about to start up in #CFD8Z9A4T

Hi, I just had a query around "run stages" that Im unsure about. Is it possible to specify "stage" as a class param default in the defining class? eg

class myclass ($stage = "infra")

I found some examples from 2014 in google grouops that seemed to indicate that it was possible, but the documentation says stages are only usable with "resource like class declaration".

Hi team, My environment is puppet running every hour as per cron but sometimes we are getting few class failures and showing below error Connect to https://masterservervip:8140/puppet/v3 failed,trying next route : request to same above url then timed out connect operation after 120.086

Next puppet run time not getting any error Per day out off 24 times any one of the time getting error and coming some class failures

Please suggest me what to do on such cases

Before I get too far into the weeds: I'm considering running Puppet server in a Docker image as we have a OpenShift environment where I work. I use open source Puppet now. Is this something that I should even consider?

Hi Team, I am using puppetlabs-docker module to install and configure docker on redhat-linux 7. It seems on rhel8 its replaced with podman. It seems this module does not support podman configuration. What is best way to configure podman on redhat-linux-8?

See the

puppetlabs-docker

module at https://forge.puppet.com/puppetlabs/docker?src=slack&channel=puppet

recently noticed puppetserver nodes running puppet agent 7.x on rocky linux aren’t resolving any custom facts, erroring like

ERROR Facter - Could not load puppet gem, got cannot load such file -- puppet

. there may be some of our custom facts or included in modules that

require "puppet"

, but i haven’t seen much of that. the puppet gem isn’t installed because puppet agent uses its own embedded ruby and gems. everything else seems fine. installing the puppet gem via

puppetserver gem install

didn’t seem to help. that gem path probably has nothing to do with this issue. any ideas? there’s some recent thread that sounds similar for puppet 8, but no resolution.

Today, we’re sharing a change to how Puppet will release packages in 2025: https://www.puppet.com/blog/open-source-puppet-updates-2025 Between now and early next year, we’ll be working with the community to roll out these updates in a way that works. Reach out to me or at the email in the link with any questions

We will release hardened Puppet releases to a new location and will slow down the frequency of commits of source code to public repositories.

Which repos?

expanding the functionality and innovation for multi-cloud use cases

Will we get containers again?

to a private, hardened, and controlled location. Our intention with this change is not to limit community access to Puppet source code, but to address the growing risk of vulnerabilities across all software applications today while continuing to provide the security, support, and stability our customers deserve.

Sorry but that sounds like marketing crap? How addresses a private location the growing risk of vulnerabilities?

It sounds like there will be no public OSS pacakges any more. Is this something we could manage via voxpupuli?

Did everyone go and read the entire thing?