I'd say follow steps from here: https://puppet.com/docs/puppet/7/install_agents.html#install_mac_agents

but answer for your question is here: https://puppet.com/docs/puppet/7/install_agents.html#configure_server_setting

Thank you for the assistance. I find one thing confusing tho. Complete these steps before attempting to install macOS agents. mv /opt/puppetlabs/puppet/bin/wrapper.sh /opt/puppetlabs/puppet/bin/wrapper This directory would only be available after the installation is complete if I'm not mistaken.

Also, what puppetserver — puppet agent pair are best suitable please?

the puppetserver and agent versions should match for puppet 7

(so both 7)

beyond that, they should work together ok

This message was deleted.

I'm stuck a bit with

Error: certificate verify failed [unable to get local issuer certificate for CN=xxx]

error during

puppet ssl bootstrap

on a fresh VM.. what is the most obvious reason for this?

I'm stuck a bit with

Error: certificate verify failed [unable to get local issuer certificate for CN=xxx]

error during

puppet ssl bootstrap

on a fresh VM.. what is the most obvious reason for this?

you shouldn't need to puppet ssl bootstrap?

what are you trying to do exactly?

I was debugging the

puppet agent

throwing the error above... the reason was

ca_port

pointing to compile master port facepalm

ah, yea generally I just puppet agent -t and let it run, but yea that'd do it

I use srv_domain at this point so I just tell it what the puppet srv record base is and it figures it all out (use_srv_records and srv_domain)

puppet agent -t --http_debug

can help in those cases as it will show the <endpoint>:<port> connections being made each step of the way.

Hey everyone, I have question about puppet and docker. The benefits of puppet are many, but among them is, given a properly written module from the forge, for example, Apache or Nginx, the configurations are created for me. This makes sense when I’m using a server or an EC2 instance because I can install the agent. However, when using docker, I am running only the nginx or apache daemon inside. There is no agent. Is there any best practices or established ways of getting the benefits of Puppet in docker containers?

you could use puppet apply to install the daemon and its configuration, (possibly via a mount during build?) you likely could make the aio agent available as a mount if you were just doing apply as well

then the actual container wouldn't contain anything (I don't have containers in my puppet configs at this point)

The usual thing puppet handles in a conventional machine don't exist in a container. There is no “service”. In a container, you're running a process (which may be the service itself). And usually the process id of it is 1. This shows that's the first thing to run in the container. Although some light research showed this: https://puppet.com/blog/running-puppet-software-docker-containers/

It's still not quite right because it treats containers like they're conventional systems.

But maybe this is an immutable compromise.

In a Puppet+Docker/Container world, I’ve found that a good model is to use Puppet during the image build process, not during the container runtime process.

The usual thing puppet handles in a conventional machine don't exist in a container. There is no “service”. In a container, you're running a process (which may be the service itself). And usually the process id of it is 1. This shows that's the first thing to run in the container. Although some light research showed this: https://puppet.com/blog/running-puppet-software-docker-containers/

It's seems that's the only real option.

Unless you install something like supervisord in the container and let it manage the puppet agent process and whatever your app may be.

What I especially like about the puppet agent is for instance with Nginx, I can change the number of workers by calculating how much memory there is.

I can't do that if I don't have a running agent.

yes, but you could do that via a startup script, or building the image based on knowing what containers will be built

i don't like containers