On Puppet7 in file "`/etc/puppetlabs/puppet/puppet.conf`" i have next line

autosign = /etc/puppetlabs/puppet/autosign.conf { mode = 0664 }

Initially I edited this file to add there my domains via wildcard:

*.<http://example.in|example.in>
*.<http://devexample.in|devexample.in>

And I faced this issue (as described in first message) --> cert was auto signed, and then instantly revoked on server, and when I tried to run

puppet agent -t

on client -> it wasreturning error that certifcate was revoked. At some point I understood that It may be causing issues and removed these wildcard domains from

/etc/puppetlabs/puppet/autosign.conf

and restarted Puppet server. Then after that I was doing manual signing of the cert on server.

the error looks like it is re-using the key for a cert that has been revoked or that you are trying to get a new cert for a cert that already exists on the Puppet server

After each attempt: • on client I purged puppet-agent package, and ALL directories (with leftovers) (aka

/etc/puppetlabs

and

/opt/puppetlabs

• on server I executed

puppetserver ca clean --certname XXXXXXXXXX

to removecerts of this host ------------------------------------------ Interesting stuff, I'm not sure if it's supposed to be like that or not: • After I migrated CA I pointed old clients to new Puppet7 server and they are working correctly BUT --> when I run

puppetserver ca list --all

I was seeing only certificate for Puppet 7 server, and no other certs for clients. Shouldn't they (old clients) create some new records in new Puppet server? PS. On agent I don't have "csr_attributes.yaml" (and I haven't edited nor created it)

I wrote you multiple times to copy over the whole ssl dir from the old server :)

Yes, you did 🙂 But I didn't knew "why" it should be done, and it has hunderds of old certificates (not actual), so i didn't wanted to migrate all old stuff

This message was deleted.

This message was deleted.

Hello, I am having hard time to understand following idea from docs, "If the exec has already run, has a refresh command, and receives an event, it runs its normal command. Then, if any onlyif , unless , or creates conditions are still met, the exec runs its refresh command." Anyone can explain it?

an

exec

resource will run

a refresh or event (e.g.

notify => Exec['my_exec']

) it will run again

you normally stop an

exec

from running all the time by using

onlyif, unless, creates

parameters

however, a refresh or event can cause it to run again

What problem are you running into with your

exec

resource?

you did not mention, "the exec runs its refresh command"

it confuses me, I think that expression tries to explain that sometimes normal command runs but sometimes refresh command runned. I can`t understand those times, like when normal command gets runned when refresh command gets runned

it confuses me, I think that expression tries to explain that sometimes normal command runs but sometimes refresh command runned. I can`t understand those times, like when normal command gets runned when refresh command gets runned

it links to a detailed workflow

if you don't set a refresh command, it will rerun the command specified

if you have one, it runs the refresh command (think install vs upgrade)

but honestly, unless you really need to, avoid exec as a resource

My emoji fluency is limited, but I totally agree with Lumiere about avoiding exec as a resource unless you absolutely have to

that is true, actually I am trying to prepare exam. and was not able to understand that part

This message was deleted.

It should be noted that the zabbix errors are likely triggering on the total system memory running out, where as the heap you have set ,takes 4gb at start if the service and should remain static, so if your system only starts to alert on low memory after some time of operation, its likely you have something else on the system taking memory that may be unrelated

I'm trying to understand, if i have value

max-active-instances: 2

and JVM min and max Heap size equal to 4GB does this mean that in total it will be 2x4 = 8 GB usage?

JVM heap of 4GB means the puppetserver JVM will not consume anything more than 4GB for heap at any time no matter how many active-instances are set (disclaimer there is a modest memory overhead for the server thats not factored into the heap)

JVM heap of 4GB means the puppetserver JVM will not consume anything more than 4GB for heap at any time no matter how many active-instances are set (disclaimer there is a modest memory overhead for the server thats not factored into the heap and the reserved code cache)

JVM heap of 4GB means the puppetserver JVM will not consume anything more than 4GB for heap at any time no matter how many active-instances are set (disclaimer there is a modest memory overhead for the server thats not factored into the heap and then also reserved code cache)

Team need your suggestions on below. I have few servers, where csr_attribute file is missing and server is not contactable to puppet master. Is there any way to fix them ?

message has been deleted

This message was deleted.

At the most basic, use the built-in

file

,

exec

, and other "built-in" types: https://puppet.com/docs/puppet/7/type.html Also look at the

stdlib

module which adds

file_line

and some other useful helpers: https://forge.puppet.com/modules/puppetlabs/stdlib Find a simple module and see how it works. I have recently been doing a lot of work with the Puppetlabs HAProxy module - it is large, but simple.