[Puppet Users] Announce: Puppet Agent 1.5.2 Available

[Melissa Stone]

Puppet Agent 1.5.2 is now available. This is a bugfix release that includes
and updated Puppet version with a handful of fixes; no other components are
update from the Puppet Agent 1.5.1 release a couple of weeks ago.

Check out the full release notes here:
https://docs.puppet.com/puppet/latest/reference/release_notes_agent.html

To install or upgrade puppet-agent, follow the getting started directions:
http://docs.puppetlabs.com/puppet/latest/reference/index.html
-- 
Melissa Stone
Release Engineer, Puppet Labs
--

PuppetConf 2016 , October 17-21, San Diego,
California
*Early Birds save $350*

-
Register by June 30th

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAHEe_koF1OM08Qtsp99Ya00_%3Dv9Of1qzPUHk4PV_X-EXDg7skQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Trouble creating a release RPM from puppetlabs/puppet source repo

[Matthew Gyurgyik]

I have successfully built the AIO package using the puppetlabs/puppet-agent 
[1] repository from source. I did this because I needed ppc64le packages 
which puppetlabs does not provide. This isn't the easiest process, but not 
terribly difficult if you are comfortable building software.

I wanted to give a presentation about this issue at puppetconf, but my 
proposal was rejected. Anyways, I'd be glad to share more specifics if you 
are interested.


[1] https://github.com/puppetlabs/puppet-agent

On Monday, June 13, 2016 at 8:45:12 AM UTC-4, Matt Larson wrote:
>
> Eric et al,
>
> Thanks again for your help with this!  I realize how crazy it may seem to 
> want to rebuild from source.  My company has become so paranoid of open 
> source software due to recent events, that the infosec team now requires us 
> to vet (as if that's feasible) FOSS source code before bringing in.  Since 
> starting this post, however, I was able to convince the team to bring in 
> the PC1 repo.
>
> As someone else has suggested to me, I will have to revisit with Vanagon 
> and/or the src RPM in the future.   I would like to know how to build these 
> though, so I'll revisit one day for sure. 
>
> Cheers,
> Matt
>
> On Thursday, June 9, 2016 at 3:55:49 PM UTC-4, Eric Sorenson wrote:
>>
>> Matt, I would like to understand this better and help you adopt Puppet 
>> into your environment.
>>
>> This is not a rhetorical question, but it might sound like one: Do you 
>> rebuild your linux distribution from source RPMs? Because that is very 
>> similar to what the AIO Puppet agent bundle is: a mini distribution with 
>> the dependencies ending up in one artifact.
>>
>> People outside Puppet can (and have) successfully rebuilt AIO, and there 
>> are also sucessful packaging efforts that take JUST the Puppet 4 source and 
>> build a standalone RPM from it in the manner of the puppet 3 packages:
>>
>> puppet-4.2.1-3.fc24.src.rpm 
>> 
>>
>> But our recommendation is to use the all-in-one obviously; it's what's 
>> tested extensively and what ships in puppet enterprise. 
>>
>> --eric
>>
>> On Wednesday, June 8, 2016 at 2:01:43 AM UTC-7, Matt Larson wrote:
>>>
>>> Sorry for not getting back soon, Dan.
>>>
>>> Good question.
>>>
>>> I work for a draconian company that only allows installing FOSS after 
>>> our infosec team has vetted the source code and then built from source; an 
>>> impossible hand-waving exercise, I know... but it is what it is.
>>>
>>> On Friday, June 3, 2016 at 2:51:10 PM UTC-4, LinuxDan wrote:

 First Silly Question: Why ?
 What do you need to do that cannot be done with the RPM's from a 
 Puppetlabs repo ?

 Dan White | d_e_...@icloud.com
 
 “Sometimes I think the surest sign that intelligent life exists elsewhere 
 in the universe is that none of it has tried to contact us.”  (Bill 
 Waterson: Calvin & Hobbes)


 On Jun 03, 2016, at 02:44 PM, Matt Larson  wrote:


 I'm trying to create an RPM from source on a stock RHEL6-based 
 (CentOS6) instance, but I'm seeing errors.  I also posted in 
 https://ask.puppet.com/question/26388/trouble-creating-a-release-rpm-from-puppetlabspuppet-source-repo/
  

 The output actually gets pretty far along, but stops at with this 
 error: "install: cannot stat ext/redhat/puppet.conf: no such file or 
 directory". If I fix that problem by manually editing the SPEC file, I 
 just 
 get more errors, so clearly there is no need to go down a rabbit hole 
 since 
 this must work for someone else, right?

 I'm also posted in 
 https://ask.puppet.com/question/26388/trouble-creating-a-release-rpm-from-puppetlabspuppet-source-repo/

 Ideas?

 Thanks in Advance,
 Matt


 -- 
 You received this message because you are subscribed to the Google 
 Groups "Puppet Users" group.
 To unsubscribe from this group and stop receiving emails from it, send 
 an email to puppet-users...@googlegroups.com.
 To view this discussion on the web visit 
 https://groups.google.com/d/msgid/puppet-users/8d532582-be4b-4e58-813e-0e3519043a3f%40googlegroups.com
  
 
 .
 For more options, visit https://groups.google.com/d/optout.



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/143193da-290e-4f79-baa1-bfe0df67a0cd%40googlegroups.com.
For more 

[Puppet Users] Re: Announcing Puppet Enterprise 2016.2 + New Modules & Integrations

[Bryan Jen]

You're very welcome Brian!

I plan on publishing an update to the ibm_installation_manager module in 
the next few days to address an idempotency issue. As for the websphere 
module, we are hoping to receive some valuable feedback on the 0.2.0 
release we just published to the 
Forge(https://forge.puppet.com/puppetlabs/websphere_application_server). 
Please feel free to contact me with any feedback!

-Bryan 

On Monday, June 13, 2016 at 3:08:21 PM UTC-7, Brian Fekete wrote:
>
> Hey Bryan,
>
> Thanks for your response! I'm excited to see the changes to the module 
> since it's one of the most important modules I use. Is there a ballpark 
> estimate date for when the changes are going to be pushed? 
>
> Awesome! I tested it out on a 2016 PE server earlier last week and saw it 
> was failing. I see that you've made changes recently and plan on checking 
> out the module again.
>
> Thanks,
> Brian Fekete 
>
> On Monday, June 13, 2016 at 4:11:17 PM UTC-4, Bryan Jen wrote:
>>
>> Hi Brian,
>>
>> The new websphere_application_server module builds upon the great start 
>> provided by Josh Beard and adds some important bug fixes and polish to the 
>> defines, types, and providers while maintaining feature parity with the old 
>> module. This is an introductory release in the puppetlabs namespace on the 
>> Forge that provides a foundation for us to iterate and build towards an 
>> eventual supported module.
>>
>> The ibm_installation_manager issue you pointed out was fixed in a recent 
>> refactor I believe. The ibm_pkg provider no longer requires the 'ps' fact. 
>> The PR for this can be found here: 
>> https://github.com/puppetlabs/puppetlabs-ibm_installation_manager/pull/11/files#diff-da882ddff62c30975d57d19358066749L104.
>>  
>> With much gratitude to Corey Osman (@logicminds) for the contribution. This 
>> fix has since been released to the Forge(
>> https://forge.puppet.com/puppetlabs/ibm_installation_manager) and is in 
>> version 0.2.0 and newer.
>>
>> Thanks,
>> Bryan Jen
>>
>> On Monday, June 13, 2016 at 7:33:12 AM UTC-7, Brian Fekete wrote:
>>>
>>> Whats the difference between the old module and the new one? I see 
>>> nothing different except that you changed the module name. 
>>>
>>> Old one: https://forge.puppet.com/joshbeard/websphere
>>> New one: 
>>> https://forge.puppet.com/puppetlabs/websphere_application_server
>>>
>>> Also the IBM installation manager which is a prerequisite to Websphere 
>>> is broken because Puppet removed the ps fact it relied on. 
>>>
>>> On Thursday, June 2, 2016 at 4:23:15 PM UTC-4, Michael Olson wrote:

 Hi everyone - Today, we announced the latest in Puppet Enterprise 
 2016.2 (available beginning later this month), a new set of Puppet modules 
 and integrations, and more from Project Blueshift. These updates continue 
 to make it easier to manage today’s technology while evolving your modern 
 cloud and container practices, in a standard way.

 *Check out What’s New in Puppet Enterprise 2016.2*

- *New change success reporting *- The Puppet Enterprise 2016.2 
release provides a new level of granularity to show which changes that 
 ran 
with a cached catalog were successful, which failed, and which failed 
 but 
were able to revert to the last known, good state. This means that you 
 can 
get a clearer sense of how failures affect the environments you are 
managing.
- *Classify nodes in Puppet Enterprise web UI based on structured 
and trusted facts *- Without granular access to metadata about 
infrastructure, it can be challenging to classify and manage servers 
efficiently and make rapid changes. The Puppet Enterprise node 
 classifier 
web UI now consumes richer metadata about infrastructure so nodes can 
 be 
segmented with more granularity to drive change more quickly, 
 efficiently 
and with greater consistency.

 *You can register for our upcoming webinar to learn more about what's 
 new: *http://info.puppet.com/2150-Whats-New-in-PE-2016.1-Register.html

 *A Common Language and Data Center Standard*

 We've also added to the broad range of technology you can manage with 
 Puppet through new integrations and modules for:

- *IBM z Systems and LinuxONE* - In partnership with IBM, we'll 
have a new agent to manage Linux VMs on IBM z Systems and LinuxONE.
- *WebSphere -* We help simplify the management of WebSphere with a 
new module that provides a repeatable and consistent process for 
 deploying 
WebSphere, including deployment managers, application servers, and IBM 
 HTTP 
Servers (IHS) for WebSphere Application Server.
- *Cisco* - With the latest release of the Puppet Supported Cisco 
module, we’ve added support for the 5k, 6k, and 7k line of Cisco Nexus 
switches, in addition to 

[Puppet Users] Accessing puppet node facts in report processor

[Daniel Scott]

Hi,

Is there a way to access a puppet node's facts in a report processor?

We have nodes which are part of auto scaling groups in AWS, so there are, 
several nodes which are all the same 'type'. We expose this type as a fact 
on the nodes themselves, and I would like to use the type in a report 
processor to send events back to a central server. Is there a way to access 
a node's facts from the report processor?

Or is there a different/better way of obtaining additional node information 
in the report processor?

Thanks,

Dan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b1a06591-cb24-4aa3-8952-ebc2bee621d3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re-enrolling clients after major version upgrade

[Bret Wortman]

Well, I _thought_ it helped. Many systems are connecting fine, others are 
still getting a different ca.pem file. I suspect for some reason the server 
is getting its copy overwritten somehow. I'm going to keep an eye on it now.

On Tuesday, June 14, 2016 at 10:07:13 AM UTC-4, Bret Wortman wrote:
>
> I did the following (which I'd done before) and it seems to have helped:
>
> # puppet resource service upppetserver ensure=stopped
> # rm -rf /etc/puppetlabs/puppet/ssl
> # puppet cert list -a
> # puppet master --no-daemonize --verbose
> ^C
> # puppet resource servcie puppetserver ensure=running
> #
>
>
>
> On Tuesday, June 14, 2016 at 9:50:44 AM UTC-4, Christopher Wood wrote:
>>
>> To your specific issue, it looks like your agent's CA cert doesn't match 
>> the issuer of the new puppetmaster's CA cert ("unable to get local issuer 
>> certificate"). If I recall correctly, an agent without a CA cert will 
>> download one from the puppetmaster the first time and thereafter check it. 
>> You might check the cert chains to see what's going on, or if you 
>> downloaded the CA cert at all. 
>>
>> Otherwise I noticed this bit: 
>>
>> # rpm -rf /var/lib/puppet/ssl /etc/puppet/ssl /etc/puppetlabs/puppet/ssl 
>> # ssh puppet puppet cert list host.internal.net 
>> Error: Could not find a certificate for host.internal.net 
>>
>> Is it supposed to say rpm not rm? I Presume it's just the logging which 
>> is removing the quotes too. 
>>
>> Rhubarbing more generally, I had some success syncing the ssl directory 
>> during our own 3->4 update. I never found a reason to use a new cert for 
>> the same host when I already had one. 
>>
>> file { '/etc/puppetlabs/puppet/ssl': 
>>   ensure   => directory, 
>>   backup   => false, 
>>   recurse  => true, 
>>   recurselimit => 99, 
>>   require  => Package[$package], 
>>   source   => '/var/lib/puppet/ssl', 
>> } 
>>
>> The catalog with that class was only a during-update thing, of course. 
>>
>> if versioncmp($::puppetversion, '4.0.0') >= 0 { 
>>   include "role::${::stype}" 
>> } 
>> else { 
>>   include ::puppet_upgrade 
>> } 
>>
>> Otherwise you could: 
>>
>> rsync -a --delete /var/lib/puppet/ssl /etc/puppetlabs/puppet/ 
>>
>> On Tue, Jun 14, 2016 at 06:39:13AM -0700, Bret Wortman wrote: 
>> >So I'm trying to use Ansible to automate the process of re-enrolling 
>> all 
>> >my systems after the upgrade from 3.8.6 to 4.3, and many (though not 
>> all) 
>> >of my clients are reporting thusly: 
>> ># rpm -rf /var/lib/puppet/ssl /etc/puppet/ssl 
>> /etc/puppetlabs/puppet/ssl 
>> ># ssh puppet puppet cert list host.internal.net 
>> >Error: Could not find a certificate for host.internal.net 
>> ># puppet agent -t --noop 
>> >Info: Creating a new SSL key for host.internal.net 
>> >Info: Caching certificate for ca 
>> >Info: csr_attributes file loading from 
>> /etc/puppet/csr_attributes.yaml 
>> >Info: Creating a new SSL certificate request for host.internal.net 
>> >Info: Certificate Request fingerprint (SHA256): 75:6A:17:... 
>> >Info: Caching certificate for host.internal.net 
>> >Error: Could not request certificate: SSL_connect returned=1 errno=0 
>> >state=SSLv3 read server certificate B: certificate verify failed: 
>> [unable 
>> >to get local issuer certificate for /CN=puppet.internal.net] 
>> >Exiting: failed to retrieve certificate and waitforcert is disabled 
>> ># ssh root@puppet puppet cert list -a | grep host.internal.net 
>> >+ "host.internal.net" (SHA256) 42:AF:68:... 
>> ># puppet agent --version 
>> >3.8.6 
>> ># 
>> >I'm having success on other 3.8.6 clients and others as far back as 
>> 3.8.1. 
>> >What's going on here that I'm not understanding? 
>> > 
>> >-- 
>> >You received this message because you are subscribed to the Google 
>> Groups 
>> >"Puppet Users" group. 
>> >To unsubscribe from this group and stop receiving emails from it, 
>> send an 
>> >email to [1]puppet-users...@googlegroups.com. 
>> >To view this discussion on the web visit 
>> >[2]
>> https://groups.google.com/d/msgid/puppet-users/6717bc33-381d-4890-90c0-a9be684dc9e5%40googlegroups.com.
>>  
>>
>> >For more options, visit [3]https://groups.google.com/d/optout. 
>> > 
>> > References 
>> > 
>> >Visible links 
>> >1. mailto:puppet-users+unsubscr...@googlegroups.com 
>> >2. 
>> https://groups.google.com/d/msgid/puppet-users/6717bc33-381d-4890-90c0-a9be684dc9e5%40googlegroups.com?utm_medium=email_source=footer
>>  
>> >3. https://groups.google.com/d/optout 
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b5e26345-3f5e-440e-b6d1-7e56470b3355%40googlegroups.com.
For 

Re: [Puppet Users] Re-enrolling clients after major version upgrade

[Bret Wortman]

I did the following (which I'd done before) and it seems to have helped:

# puppet resource service upppetserver ensure=stopped
# rm -rf /etc/puppetlabs/puppet/ssl
# puppet cert list -a
# puppet master --no-daemonize --verbose
^C
# puppet resource servcie puppetserver ensure=running
#



On Tuesday, June 14, 2016 at 9:50:44 AM UTC-4, Christopher Wood wrote:
>
> To your specific issue, it looks like your agent's CA cert doesn't match 
> the issuer of the new puppetmaster's CA cert ("unable to get local issuer 
> certificate"). If I recall correctly, an agent without a CA cert will 
> download one from the puppetmaster the first time and thereafter check it. 
> You might check the cert chains to see what's going on, or if you 
> downloaded the CA cert at all. 
>
> Otherwise I noticed this bit: 
>
> # rpm -rf /var/lib/puppet/ssl /etc/puppet/ssl /etc/puppetlabs/puppet/ssl 
> # ssh puppet puppet cert list host.internal.net 
> Error: Could not find a certificate for host.internal.net 
>
> Is it supposed to say rpm not rm? I Presume it's just the logging which is 
> removing the quotes too. 
>
> Rhubarbing more generally, I had some success syncing the ssl directory 
> during our own 3->4 update. I never found a reason to use a new cert for 
> the same host when I already had one. 
>
> file { '/etc/puppetlabs/puppet/ssl': 
>   ensure   => directory, 
>   backup   => false, 
>   recurse  => true, 
>   recurselimit => 99, 
>   require  => Package[$package], 
>   source   => '/var/lib/puppet/ssl', 
> } 
>
> The catalog with that class was only a during-update thing, of course. 
>
> if versioncmp($::puppetversion, '4.0.0') >= 0 { 
>   include "role::${::stype}" 
> } 
> else { 
>   include ::puppet_upgrade 
> } 
>
> Otherwise you could: 
>
> rsync -a --delete /var/lib/puppet/ssl /etc/puppetlabs/puppet/ 
>
> On Tue, Jun 14, 2016 at 06:39:13AM -0700, Bret Wortman wrote: 
> >So I'm trying to use Ansible to automate the process of re-enrolling 
> all 
> >my systems after the upgrade from 3.8.6 to 4.3, and many (though not 
> all) 
> >of my clients are reporting thusly: 
> ># rpm -rf /var/lib/puppet/ssl /etc/puppet/ssl 
> /etc/puppetlabs/puppet/ssl 
> ># ssh puppet puppet cert list host.internal.net 
> >Error: Could not find a certificate for host.internal.net 
> ># puppet agent -t --noop 
> >Info: Creating a new SSL key for host.internal.net 
> >Info: Caching certificate for ca 
> >Info: csr_attributes file loading from 
> /etc/puppet/csr_attributes.yaml 
> >Info: Creating a new SSL certificate request for host.internal.net 
> >Info: Certificate Request fingerprint (SHA256): 75:6A:17:... 
> >Info: Caching certificate for host.internal.net 
> >Error: Could not request certificate: SSL_connect returned=1 errno=0 
> >state=SSLv3 read server certificate B: certificate verify failed: 
> [unable 
> >to get local issuer certificate for /CN=puppet.internal.net] 
> >Exiting: failed to retrieve certificate and waitforcert is disabled 
> ># ssh root@puppet puppet cert list -a | grep host.internal.net 
> >+ "host.internal.net" (SHA256) 42:AF:68:... 
> ># puppet agent --version 
> >3.8.6 
> ># 
> >I'm having success on other 3.8.6 clients and others as far back as 
> 3.8.1. 
> >What's going on here that I'm not understanding? 
> > 
> >-- 
> >You received this message because you are subscribed to the Google 
> Groups 
> >"Puppet Users" group. 
> >To unsubscribe from this group and stop receiving emails from it, 
> send an 
> >email to [1]puppet-users...@googlegroups.com . 
> >To view this discussion on the web visit 
> >[2]
> https://groups.google.com/d/msgid/puppet-users/6717bc33-381d-4890-90c0-a9be684dc9e5%40googlegroups.com.
>  
>
> >For more options, visit [3]https://groups.google.com/d/optout. 
> > 
> > References 
> > 
> >Visible links 
> >1. mailto:puppet-users+unsubscr...@googlegroups.com  
> >2. 
> https://groups.google.com/d/msgid/puppet-users/6717bc33-381d-4890-90c0-a9be684dc9e5%40googlegroups.com?utm_medium=email_source=footer
>  
> >3. https://groups.google.com/d/optout 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/982043b7-f278-486b-966a-55d008bd6f79%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re-enrolling clients after major version upgrade

[Christopher Wood]

To your specific issue, it looks like your agent's CA cert doesn't match the 
issuer of the new puppetmaster's CA cert ("unable to get local issuer 
certificate"). If I recall correctly, an agent without a CA cert will download 
one from the puppetmaster the first time and thereafter check it. You might 
check the cert chains to see what's going on, or if you downloaded the CA cert 
at all.

Otherwise I noticed this bit:

# rpm -rf /var/lib/puppet/ssl /etc/puppet/ssl /etc/puppetlabs/puppet/ssl
# ssh puppet puppet cert list host.internal.net
Error: Could not find a certificate for host.internal.net

Is it supposed to say rpm not rm? I Presume it's just the logging which is 
removing the quotes too.

Rhubarbing more generally, I had some success syncing the ssl directory during 
our own 3->4 update. I never found a reason to use a new cert for the same host 
when I already had one.

file { '/etc/puppetlabs/puppet/ssl':
  ensure   => directory,
  backup   => false,
  recurse  => true,
  recurselimit => 99,
  require  => Package[$package],
  source   => '/var/lib/puppet/ssl',
}

The catalog with that class was only a during-update thing, of course.

if versioncmp($::puppetversion, '4.0.0') >= 0 {
  include "role::${::stype}"
}
else {
  include ::puppet_upgrade
}

Otherwise you could:

rsync -a --delete /var/lib/puppet/ssl /etc/puppetlabs/puppet/

On Tue, Jun 14, 2016 at 06:39:13AM -0700, Bret Wortman wrote:
>So I'm trying to use Ansible to automate the process of re-enrolling all
>my systems after the upgrade from 3.8.6 to 4.3, and many (though not all)
>of my clients are reporting thusly:
># rpm -rf /var/lib/puppet/ssl /etc/puppet/ssl /etc/puppetlabs/puppet/ssl
># ssh puppet puppet cert list host.internal.net
>Error: Could not find a certificate for host.internal.net
># puppet agent -t --noop
>Info: Creating a new SSL key for host.internal.net
>Info: Caching certificate for ca
>Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
>Info: Creating a new SSL certificate request for host.internal.net
>Info: Certificate Request fingerprint (SHA256): 75:6A:17:...
>Info: Caching certificate for host.internal.net
>Error: Could not request certificate: SSL_connect returned=1 errno=0
>state=SSLv3 read server certificate B: certificate verify failed: [unable
>to get local issuer certificate for /CN=puppet.internal.net]
>Exiting: failed to retrieve certificate and waitforcert is disabled
># ssh root@puppet puppet cert list -a | grep host.internal.net
>+ "host.internal.net" (SHA256) 42:AF:68:...
># puppet agent --version
>3.8.6
>#
>I'm having success on other 3.8.6 clients and others as far back as 3.8.1.
>What's going on here that I'm not understanding?
> 
>--
>You received this message because you are subscribed to the Google Groups
>"Puppet Users" group.
>To unsubscribe from this group and stop receiving emails from it, send an
>email to [1]puppet-users+unsubscr...@googlegroups.com.
>To view this discussion on the web visit
>
> [2]https://groups.google.com/d/msgid/puppet-users/6717bc33-381d-4890-90c0-a9be684dc9e5%40googlegroups.com.
>For more options, visit [3]https://groups.google.com/d/optout.
> 
> References
> 
>Visible links
>1. mailto:puppet-users+unsubscr...@googlegroups.com
>2. 
> https://groups.google.com/d/msgid/puppet-users/6717bc33-381d-4890-90c0-a9be684dc9e5%40googlegroups.com?utm_medium=email_source=footer
>3. https://groups.google.com/d/optout

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/20160614135035.GA7666%40iniquitous.heresiarch.ca.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re-enrolling clients after major version upgrade

[Bret Wortman]

So I'm trying to use Ansible to automate the process of re-enrolling all my 
systems after the upgrade from 3.8.6 to 4.3, and many (though not all) of 
my clients are reporting thusly:

# *rpm -rf /var/lib/puppet/ssl /etc/puppet/ssl /etc/puppetlabs/puppet/ssl*
# *ssh puppet puppet cert list host.internal.net*
Error: Could not find a certificate for host.internal.net
# *puppet agent -t --noop*
Info: Creating a new SSL key for host.internal.net
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for host.internal.net
Info: Certificate Request fingerprint (SHA256): 75:6A:17:...
Info: Caching certificate for host.internal.net
Error: Could not request certificate: SSL_connect returned=1 errno=0 
state=SSLv3 read server certificate B: certificate verify failed: [unable 
to get local issuer certificate for /CN=puppet.internal.net]
Exiting: failed to retrieve certificate and waitforcert is disabled
# *ssh root@puppet puppet cert list -a | grep host.internal.net*
+ "host.internal.net" (SHA256) 42:AF:68:...
# *puppet agent --version*
3.8.6
#

I'm having success on other 3.8.6 clients and others as far back as 3.8.1. 
What's going on here that I'm not understanding?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/6717bc33-381d-4890-90c0-a9be684dc9e5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Trouble creating a release RPM from puppetlabs/puppet source repo

[jcbollinger]

On Monday, June 13, 2016 at 7:45:12 AM UTC-5, Matt Larson wrote:
>
> Eric et al,
>
> Thanks again for your help with this!  I realize how crazy it may seem to 
> want to rebuild from source.  My company has become so paranoid of open 
> source software due to recent events,
>


At the risk of taking this a bit off-topic, which "recent events" are they 
that make your company hypervigilant about open-source software?

More on-topic: perhaps your company would prefer to license Puppet PE over 
devoting resources to vetting the open-source release.  I mean, when they 
pay for OS X, surely they don't perform a source-level review of the 
underlying BSD-licensed kernel and utilities.  Similarly with all the 
devices they buy that have Linux inside.  And of course, there can be no 
question of demanding to review the source of the many closed-source 
applications they use.  So if the distinguishing characteristic determining 
whether they want to review is whether they've spent money, then I'm 
confident that Puppet, Inc. would be pleased to help solve your problem by 
accepting money in exchange for PE.  It's a win-win!


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/569b4f99-d85c-4c9e-9da9-bd1799557c6b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Keeping compile masters consistent

[Matthew Nicholson]

We push r10k runs via consul execs from Jenkins, and after and only after a
successful update, invalidate the environment cache(for the given
environment), so even if a deploy fails , the master(s) will keep serving
the "old" version as opposed to an incomplete deploy.
On Tue, Jun 14, 2016 at 7:52 AM Martin Alfke  wrote:

> Most implementations make use of config_version setting in
> environment.conf (or globally in puppet.conf) to identify systems with
> outdated puppet code
>
> On 14 Jun 2016, at 13:50, Geoff Galitz  wrote:
>
> >
> >
> > Cool.. I'm specifically interested in knowing how people  deal with
> compile servers that do not update their local version of the puppet tree
> properly and how to prevent them serving stale or broken catalogs.
> >
> > -G
> >
> >
> >
> > On Tue, Jun 14, 2016 at 1:42 PM, Peter M Souter 
> wrote:
> > I've seen a few ways of doing this:
> >
> > - Running lsyncd to watch for changes to code on the MoM
> > - Rsync task on demand when the master is updated, maybe with something
> like incrond or just with scripting or Jenkins tasks
> > - The R10K mco task from acidprime/r10k
> https://github.com/acidprime/r10k#mcollective-support
> >
> > You can probably go for something more heavyweight with glusterfs, but I
> like to keep it simple :)
> >
> >
> > On Tuesday, 14 June 2016 11:49:01 UTC+1, Geoff Galitz wrote:
> >
> > Hi folks.
> >
> > I'm curious what approaches you take towards making sure the puppet tree
> is consistent across distributed compile masters?  In PE this would be code
> manager's job, I believe.  What do the FOSS folks use?
> >
> > I was contemplating using zookeeper for this.
> >
> > -G
> >
> >
> > --
> >
> >
> > Geoff Galitz, Systems Engineer
> > Shutterstock GmbH
> > Greifswalder Strasse 212
> > Aufgang F, 2 Hof
> > 10405 Berlin
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to puppet-users+unsubscr...@googlegroups.com.
> > To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/ad4530c7-7ef8-4baa-9b12-935155eea26d%40googlegroups.com
> .
> > For more options, visit https://groups.google.com/d/optout.
> >
> >
> >
> > --
> >
> >
> > Geoff Galitz, Systems Engineer
> > Shutterstock GmbH
> > Greifswalder Strasse 212
> > Aufgang F, 2 Hof
> > 10405 Berlin
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to puppet-users+unsubscr...@googlegroups.com.
> > To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CABiayTB8GbcepTGk416RRJRCAYjogUssyszcv4ZwD3fm3sH%2BXw%40mail.gmail.com
> .
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/3C0552E2-E0CB-4745-8D8D-86F6ECE08F27%40gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CA%2BnEbkY%2BCTG4wKVMyHT214Q%3Dz1Xd1YQh4HB3ZALZhvA-1%2Bying%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Keeping compile masters consistent

[Martin Alfke]

Most implementations make use of config_version setting in environment.conf (or 
globally in puppet.conf) to identify systems with outdated puppet code

On 14 Jun 2016, at 13:50, Geoff Galitz  wrote:

> 
> 
> Cool.. I'm specifically interested in knowing how people  deal with compile 
> servers that do not update their local version of the puppet tree properly 
> and how to prevent them serving stale or broken catalogs.
> 
> -G
> 
> 
> 
> On Tue, Jun 14, 2016 at 1:42 PM, Peter M Souter  wrote:
> I've seen a few ways of doing this:
> 
> - Running lsyncd to watch for changes to code on the MoM
> - Rsync task on demand when the master is updated, maybe with something like 
> incrond or just with scripting or Jenkins tasks
> - The R10K mco task from acidprime/r10k 
> https://github.com/acidprime/r10k#mcollective-support
> 
> You can probably go for something more heavyweight with glusterfs, but I like 
> to keep it simple :)
> 
> 
> On Tuesday, 14 June 2016 11:49:01 UTC+1, Geoff Galitz wrote:
> 
> Hi folks.
> 
> I'm curious what approaches you take towards making sure the puppet tree is 
> consistent across distributed compile masters?  In PE this would be code 
> manager's job, I believe.  What do the FOSS folks use?
> 
> I was contemplating using zookeeper for this.
> 
> -G
> 
> 
> -- 
> 
> 
> Geoff Galitz, Systems Engineer
> Shutterstock GmbH
> Greifswalder Strasse 212
> Aufgang F, 2 Hof
> 10405 Berlin
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/ad4530c7-7ef8-4baa-9b12-935155eea26d%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
> 
> 
> 
> -- 
> 
> 
> Geoff Galitz, Systems Engineer
> Shutterstock GmbH
> Greifswalder Strasse 212
> Aufgang F, 2 Hof
> 10405 Berlin
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/CABiayTB8GbcepTGk416RRJRCAYjogUssyszcv4ZwD3fm3sH%2BXw%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3C0552E2-E0CB-4745-8D8D-86F6ECE08F27%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Keeping compile masters consistent

[Geoff Galitz]

Cool.. I'm specifically interested in knowing how people  deal with compile
servers that do not update their local version of the puppet tree properly
and how to prevent them serving stale or broken catalogs.

-G



On Tue, Jun 14, 2016 at 1:42 PM, Peter M Souter  wrote:

> I've seen a few ways of doing this:
>
> - Running lsyncd to watch for changes to code on the MoM
> - Rsync task on demand when the master is updated, maybe with something
> like incrond or just with scripting or Jenkins tasks
> - The R10K mco task from acidprime/r10k
> https://github.com/acidprime/r10k#mcollective-support
>
> You can probably go for something more heavyweight with glusterfs, but I
> like to keep it simple :)
>
>
> On Tuesday, 14 June 2016 11:49:01 UTC+1, Geoff Galitz wrote:
>>
>>
>> Hi folks.
>>
>> I'm curious what approaches you take towards making sure the puppet tree
>> is consistent across distributed compile masters?  In PE this would be code
>> manager's job, I believe.  What do the FOSS folks use?
>>
>> I was contemplating using zookeeper for this.
>>
>> -G
>>
>>
>> --
>>
>>
>> Geoff Galitz, Systems Engineer
>> Shutterstock GmbH
>> Greifswalder Strasse 212
>> Aufgang F, 2 Hof
>> 10405 Berlin
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/ad4530c7-7ef8-4baa-9b12-935155eea26d%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 


Geoff Galitz, Systems Engineer
Shutterstock GmbH
Greifswalder Strasse 212
Aufgang F, 2 Hof
10405 Berlin

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CABiayTB8GbcepTGk416RRJRCAYjogUssyszcv4ZwD3fm3sH%2BXw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Keeping compile masters consistent

[Peter M Souter]

I've seen a few ways of doing this:

- Running lsyncd to watch for changes to code on the MoM
- Rsync task on demand when the master is updated, maybe with something 
like incrond or just with scripting or Jenkins tasks
- The R10K mco task from acidprime/r10k 
https://github.com/acidprime/r10k#mcollective-support

You can probably go for something more heavyweight with glusterfs, but I 
like to keep it simple :)

On Tuesday, 14 June 2016 11:49:01 UTC+1, Geoff Galitz wrote:
>
>
> Hi folks.
>
> I'm curious what approaches you take towards making sure the puppet tree 
> is consistent across distributed compile masters?  In PE this would be code 
> manager's job, I believe.  What do the FOSS folks use?
>
> I was contemplating using zookeeper for this.
>
> -G
>
>
> -- 
>
>
> Geoff Galitz, Systems Engineer
> Shutterstock GmbH
> Greifswalder Strasse 212
> Aufgang F, 2 Hof
> 10405 Berlin
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ad4530c7-7ef8-4baa-9b12-935155eea26d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Keeping compile masters consistent

[Geoff Galitz]

Hi folks.

I'm curious what approaches you take towards making sure the puppet tree is
consistent across distributed compile masters?  In PE this would be code
manager's job, I believe.  What do the FOSS folks use?

I was contemplating using zookeeper for this.

-G


-- 


Geoff Galitz, Systems Engineer
Shutterstock GmbH
Greifswalder Strasse 212
Aufgang F, 2 Hof
10405 Berlin

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CABiayTDXENGyGndW_SZpVw3O2EKyeGJz-%2BA64yFRo7JPDQuGEA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.