We don't have a CLI tool yet. We've the sig-devkit channel for that: https://voxpupuli.org/connect/. but our tooling doesn't require specific ruby versions. If you've any Ruby from the past 5 years installed, you can run out testing/releasing stuff locally, we've a CI public pipeline that other can reuse and we have modulesync to rollout boilerplate code to modules.

and we also have voxbox, a container that bundles all the stuff for you, so you don't even need ruby locally: https://github.com/voxpupuli/container-voxbox

ah. I thought mac's puppet/bolt/pdk

we've an openvox agent for mac, there will be a bolt package in the future

have I read the puppetlabs-mysql grant resource correctly, in that there is no way to sent a grant at an instance level or globally to a user, because it depends on the 'table' parameter which must be $database.table format https://github.com/puppetlabs/puppetlabs-mysql/blob/main/lib/puppet/provider/mysql_grant/mysql.rb

We have a process which uses exported resources to populate a ‘configuration’ file structure on a central host. The central host then processes the configuration files, via a script called by cron, it finds to configure resources in an application. • We have purge set on the owning directory … so if an exported resource goes away the config file is removed • We have notify on the file resource (which creates the config files) which touches a timestamp file for the script to use to check if it needs to do anything • We dont currently have anything that touches the timestamp if files are removed Can we put a notify on the file resource for the directory, and will that trigger if files are purged from the directory ?

You can add metaparameter

audit => 'mtime'

on the directory, that will make it to notify an exec or a service. I don't think directory itself is "notifiable"

Hi there, I wanted to install some special packages from particular DNF repos (which are disabled by default) eg, wanted solution like:

package { 'PACKAGE_NAME':
  ensure   => installed,
  install_options => ['--enablerepo=REPO_NAME'],
}

But this is not working. Anyone?

@Vivek if this is a DNF module, have a look at this snippet: https://github.com/puppetlabs/puppetlabs-postgresql/blob/main/manifests/dnfmodule.pp

Hello Team, We recently upgraded our servers [Foreman + Smart Proxy servers] to 3.15. While we navigate to check the host configuration n/ the puppet metrics, here is the sample link: [https://puppetserver-foreman-npd.np.rcsvcs.aws.lllint.com/new/hosts/xxxxx#/Puppet/reports?page=1&per_page=20&search=] we keep seeing the following error message in Foreman UI: Error: Minified React error #130; visit https://reactjs.org/docs/error-decoder.html?invariant=130&args[]=undefined&args[]= for the full message or use the non-minified dev environment for full errors and additional helpful warnings. Could you please assist us what is this error about? in p in div in dd in DescriptionListDescription in div in DescriptionListGroup in dl in DescriptionList in div in CardBody in div in CardExpandableContent in div in Card in div in GridItem in u in T in div in GridItem in div in Grid in div in i in t in t in i in p in component in d in k in t in t in t in t in u in Unknown in j in t in t in c in d in a in main in div in Page in div in FlexItem in div in Flex in c in v in t in o in a in k in s in div in A in IntlProvider in I18nProviderWrapper(A) in d in StoreProvider(I18nProviderWrapper(A)) in DataProvider(StoreProvider(I18nProviderWrapper(A))) in Unknown

Hey all, you might see the "Puppet Support Assistant" app get added to a few channels. It doesn't do anything yet, but we're trying something out with the Slack API! Hopefully it works and can be helpful!

Could anyone retrigger this PR? It failed last time as Ubuntu 20.04 was no longer supported. define Enum on supported encryption types for postgresql_password by figless · Pull Request #1611 · puppetlabs/puppetlabs-postgresql

I'm trying to map how the puppetlabs-postgresql module, takes the parameter $ipv4acls and actually outputs it into the config, I understand it's capturing a list of strings that are already in a format postgresql understands, but I can't see how that then gets output into the config file that postgresql parses, it's not in the templates and I can't see it being merged into another parameter that supersedes it any pointers of how this param actually get put into the configuration files

question ... as part of an upcoming exercise, i'll be adding a parameter whose value ends up being used as a password. one of the clients involved has a set of corporate requirements for passwords (minimum length, at least one each upper/lower/digit/other, etc.) ... one of the requirements is, and i quote: "Secrets must be randomly generated for each customer or user" ... is there an existing way to test for "must be randomly generated"? i.e.

bvy9873y,Raonf

passes, but

aaa111AAA!

would not

Good 14:01 EDT. Is there a linter available for the Puppetfile itself? I've tried various puppet-lint and bundle rubocop:autocorrect, etc but none support the Puppetfile.

you can just #YOLO it

it's Ruby

I use g10k in pre-commit hook

Thank you. I'll look at that.

using the puppetlabs-postgresql module, I've made a user error, I've set parameters in my postgres configuration that is stopping the module validate (and if needed change) the postrgresql password I can see the issue in debug

Debug: /Stage[main]/Postgresql::Server::Passwd/Postgresql::Server::Instance::Passwd[main]/Exec[set_postgres_postgrespw_main]/unless: psql: error: FATAL: password authentication failed for user "postgres"

Debug: Exec[set_postgres_postgrespw_main](provider=posix): Executing '/usr/bin/psql -c "ALTER ROLE \"postgres\" PASSWORD ${NEWPASSWD_ESCAPED}"'

Debug: Executing with uid=postgres gid=postgres: '/usr/bin/psql -c "ALTER ROLE \"postgres\" PASSWORD ${NEWPASSWD_ESCAPED}"'

Notice: /Stage[main]/Postgresql::Server::Passwd/Postgresql::Server::Instance::Passwd[main]/Exec[set_postgres_postgrespw_main]/returns: ALTER ROLE

Notice: /Stage[main]/Postgresql::Server::Passwd/Postgresql::Server::Instance::Passwd[main]/Exec[set_postgres_postgrespw_main]/returns: executed successfully (corrective)

but I can't see a configuration change that would stop the user postgres from connecting to validate/change the password. What I'd like to do is work out what the connection string the puppet module builds up to try to authenticate so I can work backward to see which connection rule I've put in that conflicts. is there a way I can short cut getting the connection string it's using ?

Hi all! Is it possible to configure a repository with

signed-by

using

key['id']

in

apt::source

? Currently, with the following configuration:

apt::source { 'valkey':
    ensure   => 'present',
    location => '<http://repo.percona.com/valkey/apt>',
    repos    => 'experimental',
    pin      => '1001',
    key      => {
        name   => 'valkey.gpg',
        id     => 'BCC3992DBA69042990E7527383A0F11D8507EFA5',
        server => 'keyserver.ubuntu.com',
    },
    notify   => Class['apt::update']
}

I only get this result:

# This file is managed by Puppet. DO NOT EDIT.
# valkey
deb <http://repo.percona.com/valkey/apt> bookworm experimental

Unfortunately,

key['source']

is not publicly available via a URL, so it would be convenient to use the

id

instead. How can I include the

signed-by

option in the generated

.list

file?

are there any recommended patterns or architecture for distributing puppetmaster functionality across multiple nodes, eg: a load balancer -> 3 nodes serving puppet master functionality, or say 3 nodes with round robin dns on them ? the problem will be the certificates/certficate authority and the backend storage, are there any known patterns that support running a distributed / horizontel scale puppet master ?

Goo 08:34 EDT. I'm looking for advice on tuning my puppet server. It's getting absolutely hammered all day. I have about 500 clients running puppet once each hour and my CPU percentage is constantly in the 90% and higher on all CPUs. > top - 083314 up 68 days, 23:57, 2 users, load average: 8.49, 6.68, 6.22 > Tasks: 310 total, 2 running, 308 sleeping, 0 stopped, 0 zombie > %Cpu0 : 77.2 us, 3.0 sy, 0.0 ni, 19.8 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st > %Cpu1 : 98.0 us, 0.0 sy, 0.0 ni, 1.0 id, 0.0 wa, 1.0 hi, 0.0 si, 0.0 st > %Cpu2 : 97.0 us, 0.0 sy, 0.0 ni, 2.0 id, 0.0 wa, 1.0 hi, 0.0 si, 0.0 st > %Cpu3 : 94.1 us, 0.0 sy, 0.0 ni, 4.9 id, 0.0 wa, 1.0 hi, 0.0 si, 0.0 st > %Cpu4 : 93.1 us, 2.0 sy, 0.0 ni, 3.9 id, 0.0 wa, 1.0 hi, 0.0 si, 0.0 st > %Cpu5 : 95.0 us, 0.0 sy, 0.0 ni, 5.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st > MiB Mem : 24080.1 total, 7336.7 free, 7412.0 used, 9331.5 buff/cache > MiB Swap: 4096.0 total, 4095.7 free, 0.2 used. 16234.3 avail Mem > > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND > 1712575 puppet 20 0 8903328 4.8g 23272 S 555.9 20.4 12878:20 java As you can see the java process is taking the vast % of the CPU. I've got 24G on the server but only 8G is in use. I've modified the java "stuff" (which escapes me at the moment) and tried the different settings on the tuning guide but so far, my server still gets hammered. I was reading earlier today about environment caching. I'm not sure if that's the next thing I should investigate. Any pointers would be greatly appreciated.

I am getting below error for one of my node. Other servers in same hostgroup are not facing this,any idea: Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Cannot reassign variable '$name' on n

Hey, I’m managing a list of entries (e.g. folders) via Hiera and iterate over them using a loop in Puppet to create resources – for example folders with file. I would like to delete the folders, that are no longer part of the list. How can I achieve this? Here’s a simplified version of what I’m doing:

profile_example::folders:
  - folder1
  - folder2
  - folder3
---
init.pp:
$folders.each |String $folder| {
    file { $folder:
      ensure => directory,
      ...
    }

If i delete folder3 i would like that folder to be deleted. Ideally without making folders a hash with a state for the folder (folder1, state:present, .., folder3, state:absent) In the real use case, I’m calling a defined type inside the loop, which creates the folders, mounts something there and exports it via NFS and will be doing other stuff. Is there a good way to automatically remove resources that are no longer present in Hiera?

Hi All. I'm looking for some advice. I'd like to install Nagios Core and NRPE on Rocky 9 Linux with Puppet 8 but it appears supported modules are not available in Puppet Forge. Is it better to install Nagios Core and NRPE using the package resource and manage configuration with the puppet-augeasproviders_nagios module?

It's better to not use nagios

Can someone trigger this for postgresql again? https://github.com/puppetlabs/puppetlabs-postgresql/pull/1611

Hello does last puppetserver uses jruby-openssl >= 0.15.4 in order to get rid of CA bad type https://github.com/jruby/jruby-openssl/commit/2e7ff4d616988cc5890ee77121846d1ae30debb0