https://www.puppet.com/community logo
Join Slack
Powered by
# puppet
  • a
    so eyaml for token and vault for all other sensitive variables? any written guides for this?
  • g
    I cannot find puppet6-release-jammy.deb on apt.puppetlabs.com. What is the suggested way to install puppet agent v6 on Ubuntu 22.04?
  • v
    not officially supported yet
  • v
  • t
    You can check out our demo code from meetup. The repo contains some demo files: https://github.com/pugdach/meetup-2022-02-09 Just check that you do not query ALL keys from vault. This will immediately make your vault suffer under high load. You can limit lookups using the confine_to_keys option.
  • a
    Copy code
    hierarchy:
  - name: "Hiera-vault lookup"
    lookup_key: hiera_vault
    options:
      confine_to_keys:
        - "^vault_.*"
        - "^.*_password$"
        - "^password.*"
        - ".*test.*"
      ssl_verify: false
      address: <https://vault.example.com:444>
      token: token
      default_field: value
      v1_lookup: false
      mounts:
        puppet:
          - common/
  • a
    Copy code
    hierarchy:
  - name: "Hiera-vault lookup"
    lookup_key: hiera_vault
    options:
      confine_to_keys:
        - "^vault_.*"
        - "^.*_password$"
        - "^password.*"
        - ".*test.*"
      ssl_verify: false
      address: <https://vault.example.com:444>
      token: token
      default_field: value
      mounts:
        puppet:
          - common/
  • y
    Since this looks like a problem with the documentation, what's the best/correct way to inform the folks who can do something about it?
  • s
    Hello everyone, short question, the recomendation for the puppet agent was always to run it within a scheduler (like cron, systemd.timer, .... ). We are currently revisiting your agent and server configs jut to see if we are on the lastest state and we were talking about this. As far as I know this best practice did not changed right. Currently we have puppet agent (6 latest) connecting to puppet server (6 latest) and we have puppet agent (7 latest) connecting to puppet server (7 latest) Why the question came up was, we went over the config daemonize=false and saw that if we use the default puppet agent package for installation it enables the systemd service which lets it run in as a daemon. Does somene have any insites why it is done like this if the best practice is still the same as it was before?
  • l
    I wouldn't say that running a scheduler is a best practice for puppet agent at this point, there are good options in the agent for managing both frequency and splay in the daemon
  • l
    puppet 2 didn't have those options for sure
  • l
    not sure specifically when they were added
  • s
    This message was deleted.
    c
    d
    +4
    • 7
    • 32
  • l
    I would only do agentless if you were airgapped
  • l
    with puppet 6 and 7's ability to run in srv_domain and load balance, you can horizontally scale to a degree that not running a compiler cluster is not a great choice
  • s
    This message was deleted.
    a
    l
    • 3
    • 29
  • s
    Hi, I'm new to puppet text manipulation, probably an easy one, but i can't seem to find the elegant way like in Python How can I append a string to the end of every item in a list?
  • l
    you want the map function, be aware you cannot reassign to the same variable in puppet more then once
  • l
    so you would be creating a new variable from it
  • l
    https://puppet.com/docs/puppet/6/function.html#map
    Copy code
    $new_array = $original_array.map |$element| { "${element}-new" }
    or something close to it
    đź‘Ť 1
  • l
    https://puppet.com/docs/puppet/6/function.html#map
    Copy code
    $new_array = $original_array.map |$element| { "${element}-new" }
    or something close to it
  • s
    This message was deleted.
    l
    r
    • 3
    • 4
  • c
    Well, to be fair… it was a recommendation at one point, but that “point” was on 2.7
  • c
    What’s that…. 11 years ago now?
  • a
    I need to have a puppet agent that is FIPS enable deployed to a set of hosts when they first check in. How would I get the master to know that needs to be the agent version installed? I've looked at the https://puppet.com/docs/pe/2019.8/installing_agents.html and followed the instructions but when I drop a new tarball in the staging directory, nothing seems to happen (I put puppet-agent-redhatfips-8-x86_64.tar.gz in there to try to update from 6.22) but the curl command to install.bash still tried to install the 6.22 version - same as the server/master. Other than dropping the tarball in staging, what else do I need to do and what should I see to verify it worked?
  • c
    Have you added it to your supported platforms in the PE Console ?
  • c
    I don’t know offhand if FIPS is explicitly supported there, but I always enable my agents there.
  • c
  • a
    I did setup the class - actually tried with a base RHEL 6.24 first - but when I did the curl for install.bash, it just tries to load the 6.22 version. From what I read in the link that I provided, the master should update itself to whatever is in the staging directory but it doesn't look like it did. Installing the agent by hand from the console isn't really an option as we have potentially 20+ hosts that may need the FIPS and 80+ hosts that will be non-FIPS.
  • s
    This message was deleted.
    a
    v
    • 3
    • 5
1...808182...428Latest