hi all, I use https://forge.puppet.com/modules/puppetlabs/docker/reference#docker--run but after every

puppet agent -t

the docker restart the container why ? I change the

pull_on_start to false

, and

restart to no

it still restart the container.

docker::run { 'cadvisor':
    image            => '<http://gcr.io/cadvisor/cadvisor:latest|gcr.io/cadvisor/cadvisor:latest>',
    pull_on_start    => false,
    ports            => ['8000:8080'],
    volumes          => [
      '/:/rootfs:ro',
      '/var/run:/var/run:ro',
      '/sys:/sys:ro',
      '/var/lib/docker/:/var/lib/docker:ro',
      '/dev/disk/:/dev/disk:ro',
    ], # Mount the required volumes
    detach           => true,
    restart          => 'no',
    privileged       => true,
    extra_parameters => [
      '--device=/dev/kmsg',
    ],
    require          => [
      Class['role::docker'],
    ],
  }

I use also v0.52.0 image instade of latest. but it still restart the container.

Strange problems with /var/lib/puppet/clientbucket when purging and ensuring sshkeys I get Notice: /Stage[main]/Chalmers:Accounts/Accounts:User[user1]/Ssh_authorized_key[joe Yubi]/ensure: removed Error: Could not back up /home/joe/.ssh/authorized_keys: Permission denied @ dir_s_mkdir - /var/lib/puppet/clientbucket Error: /Stage[main]/Chalmers:Accounts/Accounts:User[user1]/Ssh_authorized_key[joe Yubi]: Could not evaluate: Could not back up /home/joe/.ssh/authorized_keys: Permission denied @ dir_s_mkdir - /var/lib/puppet/clientbucket This problem appears on some of my clients but not all. I get a feeling that on the clients that have this error it is trying to access the clientbucket setresuid to the uid of joe which won't work since /var/lib/puppet/clientbucket is owned by root

Hello, I have bit of a strange requirements. I'm using the hiera-eyaml, so my tokens/password in the hiera file. but my class accept Sensitive data type, which is mentioned [here](https://www.puppet.com/docs/puppet/7/securing-sensitive-data.html#securing_sensitive_data-lookup-options) It works fine with basic data type, like String, but what about other data type like Hash, Struct ? Would be awesome if someone can take a stab at it ?

puppet-grafana module has Sensitive hashes, check it

Hi all, I've hit the following issue whilst upgrading puppetlabs-firewall from

6.0.0

to

8.1.5

(latest) and I've hit the following issue. Does anyone know if I delete the files from the global cache like opentokix suggests would that break my environments using the old version of the module? For testing I need to "generate types" for the new module on our dev/staging but for the time being leave production on the old version Could not autoload puppet/provider/firewall/iptables: Firewall is not a class · Issue #1162 · puppetlabs/puppetlabs-firewall

@Lauren Hexum has left the channel

Is there a way to get notified about openvox releases (agent, server, db and db-termini)?

question (and i think i already know the answer, but i figure it can't hurt to ask) ... i've found that code in one class can access variables that were calculated in another class (within another module, if that's important), but it only works sometimes ... and it seems to have to do with what order the compiler processes the classes. so my question is, is there any way to control what order the compiler processes things? or is the order not supposed to matter, code is supposed to be strictly encapsulated, and i'm doing something that isn't guaranteed to work by accessing variables (not parameters) across classes?

question: is there a way to detect, in puppet code, if a parameter which has been deprecated, is still receiving a value from hiera or not? (lots of people edit the hiera files for their own servers, and we have a problem with people not removing old parameters from hiera files when they're supposed to, then complaining when their old parameter doesn't do what it used to do) ... so far i've found that i can change the parameter to

Undef $xyz = undef

, which makes the compiler throw an error if the value is present, but the error message isn't clear to most people, and they interrupt me to translate the message from puppet to english. what i'm looking for is a way to detect this in code, so i can

fail()

with a human-readable message that explains where the person should look for instructions (so they don't interrupt me)

Hey all I have a question reg. communication between puppet agents and servers. In my understanding, agents open the connection to the server(s). We see tons of drops in our stateful firewall. In that cases, puppet servers send a RST package with source port 8140 to the agents. Can anyone explain that behavoir?

Hey all - in the next Puppet/Vox monthly sync (May 13) we, Perforce, will have a few slides with updates to share with the community on the open items we have been discussing. I will be joined by Jake and Tzvika in the May monthly sync. Looking forward to talking with you all then. We have a new, stable zoom to use going forward, it is in a thread to add to any personal calendar invites you may have, will share it again on May 13 ahead of the sync.

Hello guys, is possible to disable report-ttl for PuppetDB? Something like report-ttl=-1

question: i know that if code in one class tries to access a variable calculated in another class, sometimes it works and sometimes it doesn't, depending on what order the compiler happens to process the code ... but i don't remember ever having any problems with accessing parameter values from other classes ... does the compiler handle parameter values differently than how/when it "runs" the code to calculate variable values? is it safe to expect other classes' parameter values to always be available to code in any other class, or have i just been getting lucky for the past 13 years?

if class is evaluated prior - yes

you need to include class before you can refer to it's variables

Classes are evaluated as they are included, think of them as functions - if one class includes another it will evaluate that class before continuing in the calling class. Defines, when “declared” to be included will be queued and evaluated after classes, if a class is included during evaluation of a define the class will be fully evaluated before the define is. When a class is evaluated it first evaluates its parameters. Does that help?

See https://puppet-on-the-edge.blogspot.com/2014/04/getting-your-puppet-ducks-in-row.html for more on this topic

so ... the first time the compiler encounters

include xyz

, it gets the class's parameters from (enc, hiera, etc.) and adds those to an internal "hash of variable values" somewhere, and adds the class's name to a list of classes to be "executed" later on in the compilation process ... then each successive

include xyz

notices that the class is already on the list and doesn't do anything else ... yes? (the last time i dealt with compiler design was around 1993)

almost, it makes a record of class being called/included and evaluates its params and then its body. it is never queued.

if included again it is a noop

if included with param values it cannot be included again with param values

ah ... so it sounds like when it gets `include`'d the first time it makes an early pass through the code to find other

include

statements, and then later it actually "runs" the code to generate the resource declarations for the catalog

no, no extra pass, it just goes statement by statement

so ... when it processes the first

include

, it actually "runs" the code of the "included" class and adds things to the catalog?

any resources declared will be pushed on a queue though, but included classes are evaluated directly

i thought that's the one thing it didn't do

when a class is included it is evaluated (I suppose that is “run” in your vocabulary)

okay ... and this "resources pushed on a queue" ends up becoming the

resources

array in the catalog that gets sent back to the agent?

Not directly, think of them as function calls that are pushed on a queue instead of being directly called. After all class bodies have been evaluated it will start actually calling the queued defines