Puppet Community #puppet

Join Slack

Yorokobi

05/27/2022, 1:29 AM

There are many ways to manage a config file

Serin Abraham

05/27/2022, 1:34 AM

cool thanks, will check those options.

Slackbot

05/27/2022, 12:13 PM

This message was deleted.

domd

05/27/2022, 3:47 PM

@Lumiere: thanks for the info.. i'll bring this back to the team and we'll have some decisions to make.

Slackbot

05/27/2022, 5:58 PM

This message was deleted.

Micah

05/28/2022, 1:00 PM

I've got a hiera value that is set to

false

, but when I use it in a template, its as if it is evaluated as `true`: I can confirm that on

mx1

the

log_anon

hiera value is set to false: # puppet lookup --node mx1 --environment production --merge deep --render-as s --merge-hash-arrays --explain log_anon` ... Hierarchy entry "Per-node data" Path "/etc/puppet/code/environments/production/data/nodes/mx1.yaml" Original path: "nodes/%{::hostname}.yaml" Found key: "log_anon" value: false ... Path "/etc/puppet/code/environments/production/data/common.yaml" Original path: "common.yaml" Found key: "log_anon" value: true Merged result: true Hierarchy entry "trocla" No such key: "log_anon" Merged result: false Merged result: false

Copy code

The `site_rsyslog::local` class is looking up that key and setting it in a variable:
```$anonymize = hiera('log_anon', true)

and then that variable is passed to the class template:

Copy code

class { 'rsyslog':
    log_remote => false,
    log_local  => true,
    anonymize  => $anonymize,
    mtail      => true,
  }

the class supports that parameter:

Copy code

class rsyslog (
  Optional[Boolean] $server = false,
  Optional[Boolean] $log_remote = true,
  Optional[Boolean] $log_local  = false,
  Optional[Boolean] $anonymize = false,
  Optional[Boolean] $mtail  = false,
  ) {

and in the class, the epp template is passed that value:

Copy code

file { '/etc/rsyslog.d/00_client.conf':
      ensure  => file,
      content => epp('rsyslog/client.conf.epp', {
        'anonymize'      => $anonymize,
        'local'          => $log_local,
        'mtail'          => $mtail,
        'remote'         => $log_remote,
        'rsyslog_server' => $rsyslog_server }),
      owner   => root,
      group   => root,
      mode    => '0755',
    }
  }
}

and that epp template is supposed to trigger off of that variable:

Copy code

<% if $anonymize { -%>
  # Anonymize logs here.
  action(type="mmanon" ipv4.bits="32" ipv4.mode="zero" ipv6.bits="128" ipv6.anonmode="zero")
<% } -%>

but what happens is the anonymize section is added to

mx1

even when

log_anon

is set to false.

Micah

05/28/2022, 1:01 PM

I've got a hiera value that is set to

false

, but when I use it in a template, its as if it is evaluated as `true`: I can confirm that on

mx1

the

log_anon

hiera value is set to false:

Copy code

# puppet lookup --node mx1 --environment production --merge deep --render-as s --merge-hash-arrays --explain log_anon`
...
        Hierarchy entry "Per-node data"
          Path "/etc/puppet/code/environments/production/data/nodes/mx1.yaml"
            Original path: "nodes/%{::hostname}.yaml"
            Found key: "log_anon" value: false
...
            Path "/etc/puppet/code/environments/production/data/common.yaml"
              Original path: "common.yaml"
              Found key: "log_anon" value: true
            Merged result: true
        Hierarchy entry "trocla"
          No such key: "log_anon"
        Merged result: false
    Merged result: false

The

site_rsyslog::local

class is looking up that key and setting it in a variable:

$anonymize = hiera('log_anon', true)

and then that variable is passed to the class template:

Copy code

class { 'rsyslog':
    log_remote => false,
    log_local  => true,
    anonymize  => $anonymize,
    mtail      => true,
  }

the class supports that parameter:

Copy code

class rsyslog (
  Optional[Boolean] $server = false,
  Optional[Boolean] $log_remote = true,
  Optional[Boolean] $log_local  = false,
  Optional[Boolean] $anonymize = false,
  Optional[Boolean] $mtail  = false,
  ) {

and in the class, the epp template is passed that value:

Copy code

file { '/etc/rsyslog.d/00_client.conf':
      ensure  => file,
      content => epp('rsyslog/client.conf.epp', {
        'anonymize'      => $anonymize,
        'local'          => $log_local,
        'mtail'          => $mtail,
        'remote'         => $log_remote,
        'rsyslog_server' => $rsyslog_server }),
      owner   => root,
      group   => root,
      mode    => '0755',
    }
  }
}

and that epp template is supposed to trigger off of that variable:

Copy code

<% if $anonymize { -%>
  # Anonymize logs here.
  action(type="mmanon" ipv4.bits="32" ipv4.mode="zero" ipv6.bits="128" ipv6.anonmode="zero")
<% } -%>

but what happens is the anonymize section is added to

mx1

even when

log_anon

is set to false.

Micah

05/28/2022, 1:02 PM

I've got a hiera value that is set to

false

, but when I use it in a template, its as if it is evaluated as `true`: I can confirm that on

mx1

the

log_anon

hiera value is set to false:

Copy code

# puppet lookup --node mx1 --environment production --merge deep --render-as s --merge-hash-arrays --explain log_anon
...
        Hierarchy entry "Per-node data"
          Path "/etc/puppet/code/environments/production/data/nodes/mx1.yaml"
            Original path: "nodes/%{::hostname}.yaml"
            Found key: "log_anon" value: false
...
            Path "/etc/puppet/code/environments/production/data/common.yaml"
              Original path: "common.yaml"
              Found key: "log_anon" value: true
            Merged result: true
        Hierarchy entry "trocla"
          No such key: "log_anon"
        Merged result: false
    Merged result: false

The

site_rsyslog::local

class is looking up that key and setting it in a variable:

$anonymize = hiera('log_anon', true)

and then that variable is passed to the class template:

Copy code

class { 'rsyslog':
    log_remote => false,
    log_local  => true,
    anonymize  => $anonymize,
    mtail      => true,
  }

the class supports that parameter:

Copy code

class rsyslog (
  Optional[Boolean] $server = false,
  Optional[Boolean] $log_remote = true,
  Optional[Boolean] $log_local  = false,
  Optional[Boolean] $anonymize = false,
  Optional[Boolean] $mtail  = false,
  ) {

and in the class, the epp template is passed that value:

Copy code

file { '/etc/rsyslog.d/00_client.conf':
      ensure  => file,
      content => epp('rsyslog/client.conf.epp', {
        'anonymize'      => $anonymize,
        'local'          => $log_local,
        'mtail'          => $mtail,
        'remote'         => $log_remote,
        'rsyslog_server' => $rsyslog_server }),
      owner   => root,
      group   => root,
      mode    => '0755',
    }
  }
}

and that epp template is supposed to trigger off of that variable:

Copy code

<% if $anonymize { -%>
  # Anonymize logs here.
  action(type="mmanon" ipv4.bits="32" ipv4.mode="zero" ipv6.bits="128" ipv6.anonmode="zero")
<% } -%>

but what happens is the anonymize section is added to

mx1

even when

log_anon

is set to false.

Slackbot

05/28/2022, 1:02 PM

This message was deleted.

Micah

05/28/2022, 1:02 PM

I've got a hiera value that is set to

false

, but when I use it in a template, its as if it is evaluated as `true`: I can confirm that on

mx1

the

log_anon

hiera value is set to false:

Copy code

# puppet lookup --node mx1 --environment production --merge deep --render-as s --merge-hash-arrays --explain log_anon
...
        Hierarchy entry "Per-node data"
          Path "/etc/puppet/code/environments/production/data/nodes/mx1.yaml"
            Original path: "nodes/%{::hostname}.yaml"
            Found key: "log_anon" value: false
...
            Path "/etc/puppet/code/environments/production/data/common.yaml"
              Original path: "common.yaml"
              Found key: "log_anon" value: true
            Merged result: true
        Hierarchy entry "trocla"
          No such key: "log_anon"
        Merged result: false
    Merged result: false

The

site_rsyslog::local

class is looking up that key and setting it in a variable:

$anonymize = hiera('log_anon', true)

and then that variable (in the same class) is passed to the class template:

Copy code

class { 'rsyslog':
    log_remote => false,
    log_local  => true,
    anonymize  => $anonymize,
    mtail      => true,
  }

the class supports that parameter:

Copy code

class rsyslog (
  Optional[Boolean] $server = false,
  Optional[Boolean] $log_remote = true,
  Optional[Boolean] $log_local  = false,
  Optional[Boolean] $anonymize = false,
  Optional[Boolean] $mtail  = false,
  ) {

and in the class, the epp template is passed that value:

Copy code

file { '/etc/rsyslog.d/00_client.conf':
      ensure  => file,
      content => epp('rsyslog/client.conf.epp', {
        'anonymize'      => $anonymize,
        'local'          => $log_local,
        'mtail'          => $mtail,
        'remote'         => $log_remote,
        'rsyslog_server' => $rsyslog_server }),
      owner   => root,
      group   => root,
      mode    => '0755',
    }
  }
}

and that epp template is supposed to trigger off of that variable:

Copy code

<% if $anonymize { -%>
  # Anonymize logs here.
  action(type="mmanon" ipv4.bits="32" ipv4.mode="zero" ipv6.bits="128" ipv6.anonmode="zero")
<% } -%>

but what happens is the anonymize section is added to

mx1

even when

log_anon

is set to false.

Micah

05/28/2022, 1:03 PM

I've got a hiera value that is set to

false

, but when I use it in a template, its as if it is evaluated as `true`: I can confirm that on

mx1

the

log_anon

hiera value is set to false:

Copy code

# puppet lookup --node mx1 --environment production --merge deep --render-as s --merge-hash-arrays --explain log_anon
...
        Hierarchy entry "Per-node data"
          Path "/etc/puppet/code/environments/production/data/nodes/mx1.yaml"
            Original path: "nodes/%{::hostname}.yaml"
            Found key: "log_anon" value: false
...
            Path "/etc/puppet/code/environments/production/data/common.yaml"
              Original path: "common.yaml"
              Found key: "log_anon" value: true
            Merged result: true
        Hierarchy entry "trocla"
          No such key: "log_anon"
        Merged result: false
    Merged result: false

The

site_rsyslog::local

class is looking up that key and setting it in a variable:

$anonymize = hiera('log_anon', true)

and then that variable (in the same

site_rsyslog::local

class) is passed to the

rsyslog

class:

Copy code

class { 'rsyslog':
    log_remote => false,
    log_local  => true,
    anonymize  => $anonymize,
    mtail      => true,
  }

the class supports that parameter:

Copy code

class rsyslog (
  Optional[Boolean] $server = false,
  Optional[Boolean] $log_remote = true,
  Optional[Boolean] $log_local  = false,
  Optional[Boolean] $anonymize = false,
  Optional[Boolean] $mtail  = false,
  ) {

and in the class, the epp template is passed that value:

Copy code

file { '/etc/rsyslog.d/00_client.conf':
      ensure  => file,
      content => epp('rsyslog/client.conf.epp', {
        'anonymize'      => $anonymize,
        'local'          => $log_local,
        'mtail'          => $mtail,
        'remote'         => $log_remote,
        'rsyslog_server' => $rsyslog_server }),
      owner   => root,
      group   => root,
      mode    => '0755',
    }
  }
}

and that epp template is supposed to trigger off of that variable:

Copy code

<% if $anonymize { -%>
  # Anonymize logs here.
  action(type="mmanon" ipv4.bits="32" ipv4.mode="zero" ipv6.bits="128" ipv6.anonmode="zero")
<% } -%>

but what happens is the anonymize section is added to

mx1

even when

log_anon

is set to false.

Micah

05/28/2022, 10:59 PM

message has been deleted

Slackbot

05/30/2022, 7:34 AM

This message was deleted.

David Bernard

05/30/2022, 7:35 AM

In puppet language, how can I reference a resource property. I am using the bmc module from puppet forge and I want to retrieve the "bmc" IP address which in my case is from a Dell iDRAC? I see from debug output the resource being created and the values read from the iDRAC. Initially I am just trying to output debug.

bmc_network{ 'idrac': }

debug($facts["bmc"]["ipv4_ip_address"]) debug(Bmc_network['idrac'])

David Bernard

05/30/2022, 7:36 AM

bmc_network{ 'idrac': }

debug(Bmc_network['idrac'])

krishna kant mishra

05/30/2022, 9:49 AM

Team, Can we add custom role to a server if it has already some role assigned like sql , web server etc? Does it make any changes to existing role configuration?

krishna kant mishra

05/30/2022, 9:54 AM

Team, Can we add custom role to a server if it has already some role assigned like sql , web server etc? Does it make any changes to existing role configuration?

Slackbot

05/30/2022, 11:03 AM

This message was deleted.

Marty Ewings

05/30/2022, 2:40 PM

im thinking you can query the facts endpoint directly, this only returns results for active nodes, which prevents the need for the first section

Marty Ewings

05/30/2022, 3:08 PM

Copy code

puppet query 'inventory[count()] {facts.os.family = "Debian" and facts.os.release.major = "8"}'

Marty Ewings

05/30/2022, 3:12 PM

i think in your original query the nested queries would be run against each returned node, which on a large system could take some processing

Slackbot

05/30/2022, 3:25 PM

This message was deleted.

👍 1

Yehuda Katz

05/30/2022, 3:25 PM

Can someone run the tests on https://github.com/puppetlabs/puppetlabs-haproxy/pull/508

Slackbot

05/30/2022, 5:13 PM

This message was deleted.

Oleksandr Lytvyn

05/30/2022, 5:35 PM

no such serial

bastelfreak

05/30/2022, 5:51 PM

in that output puppet says

Info: Creating a new SSL certificate request for XXXXXXXXXXXXXX

bastelfreak

05/30/2022, 6:58 PM

please do

namei -l /etc/puppetlabs/puppet/ssl/*/*

Yehuda Katz

05/30/2022, 7:02 PM

I think these tests should all finally work - can I get another test run?

Oleksandr Lytvyn

05/30/2022, 7:15 PM

LoL, I just did it (installed new instance), and got the same result. Cert instantly revoked

Oleksandr Lytvyn

05/30/2022, 7:20 PM

Copy code

2022-05-30T19:14:46.997Z INFO  [qtp1236140807-52] [p.p.certificate-authority] Signed certificate request for <http://ip-10-11-200-75.XXXXXXXXXXXXX.in|ip-10-11-200-75.XXXXXXXXXXXXX.in>
2022-05-30T19:14:52.424Z ERROR [qtp1236140807-126] [p.s.c.certificate-authority-core] <http://ip-10-11-200-75.XXXXXXXXXXXXX.in|ip-10-11-200-75.XXXXXXXXXXXXX.in> already has a revoked certificate; ignoring certificate request
2022-05-30T19:16:57.823Z ERROR [qtp1236140807-126] [p.s.c.certificate-authority-core] <http://ip-10-11-200-75.XXXXXXXXXXXXX.in|ip-10-11-200-75.XXXXXXXXXXXXX.in> already has a revoked certificate; ignoring certificate request

(on new client/host)