I'm having a problem with my agent running not being able to backup the changed files to the archive server which is set as the master. It is only one host as I have 9 other agents connected to this server and they all work perfectly fine being able to archive the files just fine. I tried to manually change the archive_files = false in the puppet.conf on this host but it doesn't seem to care about that as it still failed - unless the conf is changed before the agent run starts? So how can I either figure out what is causing it to fail - the log is no help - or how do I completely disable the archive just for this host?

There an easy way to convert Puppet query json output to xml?

This message was deleted.

xml is awful

Back in the day when I ran NFS, I wrote a

user::function::add_system_user

defined type which depends on an

ensure_resource ( user, ... )

. It sets the gid to the $uid. Recent upgrades have created a conflict for the uid I set for my mysql user. As a work-around I have added to my hiera data a new key,

user::application::mysql::fix_uid

, with a boolean value. I had hoped that passing an undef to the

uid =>

attribute of the

user

resource would communicate to puppet that I want the underlying OS to sort out the uid for this user. Although this behavior is not documented, I hoped it would be worth a try. But now I am getting

Parameter gid failed on Group[mysql]: Invalid GID

. Any thoughts on how I might resolve this?

Back in the day when I ran NFS, I wrote a

user::function::add_system_user

defined type which depends on an

ensure_resource ( user, ... )

. It sets the gid to the $uid. Recent upgrades have created a conflict for the uid I set for my mysql user. As a work-around I have added to my hiera data a new key,

user::application::mysql::fix_uid

, with a boolean value. I had hoped that passing an undef to the

uid =>

attribute of the

user

resource would communicate to puppet that I want the underlying OS to sort out the uid for this user. But now I am getting

Parameter gid failed on Group[mysql]: Invalid GID

. Any thoughts on how I might resolve this?

Back in the day when I ran NFS, I wrote a

user::function::add_system_user

defined type which depends on an

ensure_resource ( user, ... )

. It sets the gid to the $uid. Recent upgrades have created a conflict for the uid I set for my mysql user. As a work-around I have added to my hiera data a new key,

user::application::mysql::fix_uid

, with a boolean value. I had hoped that passing an undef to the

uid =>

attribute of the

user

resource would communicate to puppet that I want the underlying OS to sort out the uid for this user (although this behavior is not documented, but I thought it would be worth a try). But now I am getting

Parameter gid failed on Group[mysql]: Invalid GID

. Any thoughts on how I might resolve this?

Back in the day when I ran NFS, I wrote a

user::function::add_system_user

defined type which depends on an

ensure_resource ( user, ... )

. It sets the gid to the $uid. Recent upgrades have created a conflict for the uid I set for my mysql user. As a work-around I have added to my hiera data a new key,

user::application::mysql::fix_uid

, with a boolean value. I had hoped that passing an undef to the

uid =>

attribute of the

user

resource would communicate to puppet that I want the underlying OS to sort out the uid for this user. Although this behavior is not documented, I hoped it would be worth a try. But now I am getting

Parameter gid failed on Group[mysql]: Invalid GID

. Any thoughts on how I might resolve this?

This message was deleted.

I have a wrapper class between hiera and the defined type which is performing the

lookup

. And yes, it uses an explicit call to that

lookup

function.

This message was deleted.

it's currently not public, they're still working on the algorithm before making the metrics public I believe @binford2k

This message was deleted.

Is there a simple way to include a class in a manifest as if it were just code in the same file? We have a firewall wrapper that uses the correct module based on what firewall we want to use for a particular system:

define fw::rules (
  String $ruleset,
  Hash $rule,
  String[1] $comment           = $title,
  Optional[Integer] $priority  = undef,
  Boolean $ipv4                = true,
  Boolean $ipv6                = false,
  String[1] $provider          = lookup('fw::provider'),
  Array[Hash] $networks_v4     = lookup("fw::rules::${ruleset}::networks_v4"),
  Array[Hash] $networks_v6     = lookup("fw::rules::${ruleset}::networks_v6"),
) {
  if (! $priority ) {
    case $rule['action'] {
      'accept': {
        $_priority = 400
      }
      'reject': {
        $_priority = 300
      }
      default: {
        $_priority = 900
      }
    }
  } else {
    $_priority = $priority
  }

  case $provider {
    'iptables': {
      if ($ipv4) {
        $networks_v4.each |Integer $index, Hash[String, Optional[String]] $src| {
          $_order = String.new($index, '%02d')
          firewall{"${_priority} (${ruleset}-${_order}) ${comment} from ${src['name']}":
            source => $src['network'],
            *      => $rule,
          }
        }
      }
      if ($ipv6) {
        $networks_v6.each |Integer $index, Hash[String, Optional[String]] $src| {
          $_order = String.new($index, '%02d')
          firewall{"${_priority} IPv6 (${ruleset}-${_order}) ${comment} from ${src['name']}":
            provider => 'ip6tables',
            source   => $src['network'],
            *        => $rule,
          }
        }
      }
    }

    'firewalld': {
      ...
    }
    'firewall_cmd': {
      ...
    }
    'csf': {
      ...
    }
    default: {
      fail("Unsupported fw provider '${provider}'")
    }
  }
}

To keep this file maintainable, I would love to do something like this:

define fw::rules (
  String $ruleset,
  Hash $rule,
  String[1] $comment           = $title,
  Optional[Integer] $priority  = undef,
  Boolean $ipv4                = true,
  Boolean $ipv6                = false,
  String[1] $provider          = lookup('fw::provider'),
  Array[Hash] $networks_v4     = lookup("fw::rules::${ruleset}::networks_v4"),
  Array[Hash] $networks_v6     = lookup("fw::rules::${ruleset}::networks_v6"),
) {
  if (! $priority ) {
    case $rule['action'] {
      'accept': {
        $_priority = 400
      }
      'reject': {
        $_priority = 300
      }
      default: {
        $_priority = 900
      }
    }
  } else {
    $_priority = $priority
  }

  include "fw::${provider}::rules"
}

Is there a way to have the included class automatically have access to all the current variables?

Is there a simple way to include a class in a manifest as if it were just code in the same file? We have a firewall wrapper that uses the correct module based on what firewall we want to use for a particular system:

define fw::rules (
  String $ruleset,
  Hash $rule,
  String[1] $comment           = $title,
  Optional[Integer] $priority  = undef,
  Boolean $ipv4                = true,
  Boolean $ipv6                = false,
  String[1] $provider          = lookup('fw::provider'),
  Array[Hash] $networks_v4     = lookup("fw::rules::${ruleset}::networks_v4"),
  Array[Hash] $networks_v6     = lookup("fw::rules::${ruleset}::networks_v6"),
) {
  if (! $priority ) {
    case $rule['action'] {
      'accept': {
        $_priority = 400
      }
      'reject': {
        $_priority = 300
      }
      default: {
        $_priority = 900
      }
    }
  } else {
    $_priority = $priority
  }

  case $provider {
    'iptables': {
      if ($ipv4) {
        $networks_v4.each |Integer $index, Hash[String, Optional[String]] $src| {
          $_order = String.new($index, '%02d')
          firewall{"${_priority} (${ruleset}-${_order}) ${comment} from ${src['name']}":
            source => $src['network'],
            *      => $rule,
          }
        }
      }
      if ($ipv6) {
        $networks_v6.each |Integer $index, Hash[String, Optional[String]] $src| {
          $_order = String.new($index, '%02d')
          firewall{"${_priority} IPv6 (${ruleset}-${_order}) ${comment} from ${src['name']}":
            provider => 'ip6tables',
            source   => $src['network'],
            *        => $rule,
          }
        }
      }
    }

    'firewalld': {
      ...
    }
    'firewall_cmd': {
      ...
    }
    'csf': {
      ...
    }
    default: {
      fail("Unsupported fw provider '${provider}'")
    }
  }
}

To keep this file maintainable, I would love to do something like this:

define fw::rules (
  String $ruleset,
  Hash $rule,
  String[1] $comment           = $title,
  Optional[Integer] $priority  = undef,
  Boolean $ipv4                = true,
  Boolean $ipv6                = false,
  String[1] $provider          = lookup('fw::provider'),
  Array[Hash] $networks_v4     = lookup("fw::rules::${ruleset}::networks_v4"),
  Array[Hash] $networks_v6     = lookup("fw::rules::${ruleset}::networks_v6"),
) {
  if (! $priority ) {
    case $rule['action'] {
      'accept': {
        $_priority = 400
      }
      'reject': {
        $_priority = 300
      }
      default: {
        $_priority = 900
      }
    }
  } else {
    $_priority = $priority
  }

  include "fw::${provider}::rules"
}

Is there a way to have the included class automatically have access to all the current variables? I tried this exact code and it didn't seem to actually do anything.

Is there a simple way to include a class in a manifest as if it were just code in the same file? We have a firewall wrapper that uses the correct module based on what firewall we want to use for a particular system:

define fw::rules (
  String $ruleset,
  Hash $rule,
  String[1] $comment           = $title,
  Optional[Integer] $priority  = undef,
  Boolean $ipv4                = true,
  Boolean $ipv6                = false,
  String[1] $provider          = lookup('fw::provider'),
  Array[Hash] $networks_v4     = lookup("fw::rules::${ruleset}::networks_v4"),
  Array[Hash] $networks_v6     = lookup("fw::rules::${ruleset}::networks_v6"),
) {
  if (! $priority ) {
    case $rule['action'] {
      'accept': {
        $_priority = 400
      }
      'reject': {
        $_priority = 300
      }
      default: {
        $_priority = 900
      }
    }
  } else {
    $_priority = $priority
  }

  case $provider {
    'iptables': {
      if ($ipv4) {
        $networks_v4.each |Integer $index, Hash[String, Optional[String]] $src| {
          $_order = String.new($index, '%02d')
          firewall{"${_priority} (${ruleset}-${_order}) ${comment} from ${src['name']}":
            source => $src['network'],
            *      => $rule,
          }
        }
      }
      if ($ipv6) {
        $networks_v6.each |Integer $index, Hash[String, Optional[String]] $src| {
          $_order = String.new($index, '%02d')
          firewall{"${_priority} IPv6 (${ruleset}-${_order}) ${comment} from ${src['name']}":
            provider => 'ip6tables',
            source   => $src['network'],
            *        => $rule,
          }
        }
      }
    }

    'firewalld': {
      ...
    }
    'firewall_cmd': {
      ...
    }
    'csf': {
      ...
    }
    default: {
      fail("Unsupported fw provider '${provider}'")
    }
  }
}

To keep this file maintainable, I would love to do something like this:

define fw::rules (
  String $ruleset,
  Hash $rule,
  String[1] $comment           = $title,
  Optional[Integer] $priority  = undef,
  Boolean $ipv4                = true,
  Boolean $ipv6                = false,
  String[1] $provider          = lookup('fw::provider'),
  Array[Hash] $networks_v4     = lookup("fw::rules::${ruleset}::networks_v4"),
  Array[Hash] $networks_v6     = lookup("fw::rules::${ruleset}::networks_v6"),
) {
  if (! $priority ) {
    case $rule['action'] {
      'accept': {
        $_priority = 400
      }
      'reject': {
        $_priority = 300
      }
      default: {
        $_priority = 900
      }
    }
  } else {
    $_priority = $priority
  }

  include "fw::${provider}::rules"
}

Is there a way to have the included class automatically have access to all the current variables? I tried this exact code and it didn't seem to actually do anything. The example in the documentation (https://puppet.com/docs/puppet/7/lang_scope.html#lang_scope-local-scopes) makes it seem like it should work, but adding debug statements shows the variables are undefined.

Is there a simple way to include a class in a manifest as if it were just code in the same file? We have a firewall wrapper that uses the correct module based on what firewall we want to use for a particular system:

define fw::rules (
  String $ruleset,
  Hash $rule,
  String[1] $comment           = $title,
  Optional[Integer] $priority  = undef,
  Boolean $ipv4                = true,
  Boolean $ipv6                = false,
  String[1] $provider          = lookup('fw::provider'),
  Array[Hash] $networks_v4     = lookup("fw::rules::${ruleset}::networks_v4"),
  Array[Hash] $networks_v6     = lookup("fw::rules::${ruleset}::networks_v6"),
) {
  if (! $priority ) {
    case $rule['action'] {
      'accept': {
        $_priority = 400
      }
      'reject': {
        $_priority = 300
      }
      default: {
        $_priority = 900
      }
    }
  } else {
    $_priority = $priority
  }

  case $provider {
    'iptables': {
      if ($ipv4) {
        $networks_v4.each |Integer $index, Hash[String, Optional[String]] $src| {
          $_order = String.new($index, '%02d')
          firewall{"${_priority} (${ruleset}-${_order}) ${comment} from ${src['name']}":
            source => $src['network'],
            *      => $rule,
          }
        }
      }
      if ($ipv6) {
        $networks_v6.each |Integer $index, Hash[String, Optional[String]] $src| {
          $_order = String.new($index, '%02d')
          firewall{"${_priority} IPv6 (${ruleset}-${_order}) ${comment} from ${src['name']}":
            provider => 'ip6tables',
            source   => $src['network'],
            *        => $rule,
          }
        }
      }
    }

    'firewalld': {
      ...
    }
    'firewall_cmd': {
      ...
    }
    'csf': {
      ...
    }
    default: {
      fail("Unsupported fw provider '${provider}'")
    }
  }
}

To keep this file maintainable, I would love to do something like this:

define fw::rules (
  String $ruleset,
  Hash $rule,
  String[1] $comment           = $title,
  Optional[Integer] $priority  = undef,
  Boolean $ipv4                = true,
  Boolean $ipv6                = false,
  String[1] $provider          = lookup('fw::provider'),
  Array[Hash] $networks_v4     = lookup("fw::rules::${ruleset}::networks_v4"),
  Array[Hash] $networks_v6     = lookup("fw::rules::${ruleset}::networks_v6"),
) {
  if (! $priority ) {
    case $rule['action'] {
      'accept': {
        $_priority = 400
      }
      'reject': {
        $_priority = 300
      }
      default: {
        $_priority = 900
      }
    }
  } else {
    $_priority = $priority
  }

  include "fw::${provider}::rules"
}

Is there a way to have the included class automatically have access to all the current variables? I tried this exact code and it didn't seem to actually do anything. The example in the documentation (https://puppet.com/docs/puppet/7/lang_scope.html#lang_scope-local-scopes) makes it seem like it should work, but adding debug statements shows the variables are undefined. I really don't want to end up doing something like this:

case $provider {
    'iptables': {
      fw::iptables::rules { $title:
        ruleset     => $ruleset,
        rule        => $rule,
        comment     => $comment,
        priority    => $priority,
        ipv4        => $ipv4,
        ipv6        => $ipv6,
        provider    => $provider,
        networks_v4 => $networks_v4,
        networks_v6 => $networks_v6,
      }
    }

    'firewall_cmd': {
...

message has been deleted

This message was deleted.

what is the output of this

puppet config print |grep report

Specifically you should have

report = true
report_server = <fqdn of puppet server>

This message was deleted.

Sorry, I don't think I made my question clear. I need to call a defined resource from a module but when my onceover runs, it can't find the class

sshkey

because its a defined type in module. So my question is, in Onceover should I be mocking/stubbing them or is there a way I can include the defined types from the module in question?

this what I get, don't have the fqdn

This message was deleted.

This message was deleted.

Oh. Debian. Looks like a cron job.

This message was deleted.

Could someone point me in a direction to solve a problem with my an agent not being able to backup the changed files to the archive server. The puppet.conf is configured properly and I have 10 other hosts on this server that work perfectly fine. The only unique distinction on these two hosts/agents is that they are FIPS enabled. One is running agent v6.22.1 and the other is v6.27.1. I tried to manually change the archive_files = false in the puppet.conf on this host but it doesn't seem to care about that as it still failed? So how can I either figure out what is causing it to fail - the log is no help - or how do I completely disable the archive just for this group/class of hosts?

This message was deleted.

This message was deleted.