Trying to access the JMX metrics from the Puppet server but can't really seems to get it running... it has been enabled in the JAVA_ARGS, curl replies "Empty reply from server". Did i miss some documentation? or is this a quite sparse subject ? (https://www.puppet.com/docs/puppet/7/server/metrics-api/v1/metrics_api)

Good 1000 EST. I'm using puppet-module-pam module to (try to) manage my /etc/pam.d/ files and the module sets certain defaults which I don't want. In my control-repo project, the hiera hierarchy is common.yaml then os.yaml then os.version.yaml. The problem that I'm having is that the parameter lookup is merging common then os and then the defaults in the puppet-module-pam module. Is there any way that I can specify in my common.yaml file NOT to consider the module's hiera structure? I realize I could do a lookup on hiera data that is not the parameter name and then dump those values into the puppet-module-parm parameters but this seems kind jankey. All of the parameters are string arrays and ordering of my data is very important due to the nature of PAM. I think the fundamental problem is that the PAM module just accepts a bunch of strings instead of hashes (which would be much easier to manage).

Hi Team, is there a way we can manually do a GC on puppet db postgres ?

Hi everyone ! I'm looking in setting up a Vault in order to store secrets, and then be accessed by the agent using the vault_lookup function. I was able to set-up the authentication through the use of the Puppet certificate, which is neat. However I'm struggling in creating a policy that would fit my use case, and while I know it's not per-se related to Puppet, I think that others may have already created such policy. The policy I want to create should allow access to a specific folder for a given host, where the cert_name, is the name of the folder. Something like this for example if the certname value was

<http://db01.local.net|db01.local.net>

v1/secrets/puppet/hosts/db01.local.net/*

Does someone have experience setting up such a policy ? Thanks in advance for any help ! 😄

Hello all PDX folks! @smortex arrives here tomorrow and will be around for about a week. Wanna geek out over Puppet, FreeBSD, keyboards, or other topics, nerdy or not?

Hey everyone, i think the module trusted_ca is broken since tag v5.1.0 the validate_cmd command is wrong. https://github.com/voxpupuli/puppet-trusted_ca/pull/60

can you raise a PR with a patch?

can't find when changes are not had been written to

/opt/puppetlabs/puppet/cache/clientbucket

on puppet7. Can somebody locate me to changes in changelog and/or which setting is restored this behaviour?

Hello, I am just wondering what UFW modules that people are using along side r10k v12.1.1 onwards https://forge.puppet.com/modules/puppet/r10k/12.1.1/readme I am asking this as we are currently using this module https://forge.puppet.com/modules/kogitoapp/ufw/readme However, I have run into a bit of a dependency issue with it. As this UFW module requires

puppetlabs/stdlib (>= 3.2.0 < 8.0.0)

And the r10k module 12.1.1 requires

puppetlabs/stdlib (>= 9.0.0 < 10.0.0)

I am wondering if anyone has any good recommendations that they use.

my recommendation is to use the puppet/nftables module

See the

puppet-nftables

module at https://forge.puppet.com/puppet/nftables?src=slack&channel=puppet

allthethings Modules Team is about to start up in #CFD8Z9A4T

@csharpsteen I've a rough memory that you once mentioned a puppet run that printed

Info: Loading facts

multiple times? Was that some kind of bug where something is loaded multiple times? I'm currently debugging a pipeline that uses puppet apply and I see the message up to 26 times for a single apply

Hi Team, One basic query, How we can map puppet release with puppet agent version and puppet server version?

short answer: always use the latest available major version for puppet agent/server/db

you can also check https://www.puppet.com/docs/puppet/8/platform_lifecycle.html

Hi all, Could someone help correct my Puppet query to get a specific tag value from az_metadata fact? This is what I have that's not working. Thanks.

puppet-query "inventory[certname,facts.hostname,facts.az_metadata.compute.tagsList.value] {facts.az_metadata.compute.tagsList.name = 'region'}"

Hey folks, I'm using below puppet forge module to install qualys cloud agent. and as it suggested I've put in the customer/activation id in the control repo. but it gives me error while running rspec test in control repo _*"could not find declared class qualys_agent*_." https://forge.puppet.com/modules/broadinstitute/qualys_agent/readme

class { 'qualys_agent': activation_id => 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX', customer_id => 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX', }

also included in base.pp

Hi everyone ! Does anyone know if the Puppet server provides an OCSP endpoint or something of this kind ?

can you call a puppet function in hiera, like puppetdb_query ?

anyone using

gorge

for an internal forge, and also using the systemd service with it?

I have this interesting scenario where I populate a group based on the result of a puppetdb_query. In most cases, I consider puppetdb disposable, but this particular scenario requires this to not be the case. Is there a way to cache the query output cleverly and still use that as a var? Maybe deferred content with file resource or should I schedule it to run 1x every 3 days or something. It would be catastrophic if the db query came back with incomplete or no results.

Somehow I suspect that mount_core's auto-requires doesn't work properly on un-mounting (when ensure=>absent)..

puppet agent is working fine while connecting directly, but while using loadbalancer is is reseting the connection. LB is just passthrough..what might be the issue

Hello everyone, I need to help. I have this message on my Debian machine : août 29 083734 puppet puppet-agent[711]: No more routes to fileserver août 29 083735 puppet puppet-agent[711]: Connection to https://puppet:8140/puppet/v3 failed, trying next route: Request to https://puppet:8140/puppet/v3 failed after 0.002 seconds: Failed to open TC P connection to puppet:8140 (Network is unreachable - connect(2) for xxx.x.x.x.:8140) août 29 083735 puppet puppet-agent[711]: Wrapped exception: août 29 083735 puppet puppet-agent[711]: Failed to open TCP connection to puppet:8140 (Network is unreachable - connect(2) for x.x.x.x:8140) août 29 083735 puppet puppet-agent[711]: Could not retrieve catalog from remote server: No more routes to puppet août 29 083735 puppet puppet-agent[711]: Could not retrieve catalog; skipping run août 29 083735 puppet7 puppet-agent[711]: Connection to https://puppet:8140/puppet/v3 failed, trying next route: Request to https://puppet7:8140/puppet/v3 failed after 0.002 seconds: Failed to open TCP connection to puppet:8140 (Network is unreachable - connect(2) for xxx.x.x.x:8140) In my puppet.conf file, I have this configuration [main] ssldir = /var/lib/puppet/ssl server = puppet7 [master] vardir = /var/lib/puppet cadir = /var/lib/puppet/server/ssl/ca dns_alt_names = puppet I have configure dns in resolv.conf : nameserver : 10.0.0.6 Any idea ?

the more you know 🧑‍🏫Puppet Core Team is about to start up in #CFD8Z9A4T

Hi All, I have migrated the puppet5 (CentOS) to puppet7 (Amazon Linux 2023), and trying to install the ruby-shadow gem, but it is showing below error: /usr/local/rvm/bin/rvm ruby-3.2.3@puppet7 do gem install --no-document ruby-shadow

extconf.rb:68:in `<main>': You are missing some of the required functions from either shadow.h on Linux/Solaris, or pwd.h on FreeBSD/MirBSD/NetBSD/OpenBSD/OS X. (RuntimeError)

To see why this extension failed to compile, please check the mkmf.log which can be found here:

  /usr/local/rvm/gems/ruby-3.2.3@puppet7/extensions/x86_64-linux/3.2.0/ruby-shadow-2.5.1/mkmf.log

is this nested loop/conditional pattern not allowed: $environments.each |$env| { if $env == 'dev' { $foo='x' } } # foo is a var declared undef at the top...