[Puppet Users] Announcement: Puppet Development Kit RFC process and pdk-planning repo
The Puppet Development Kit team is excited to introduce a new RFC-based open-source planning and design process for the PDK project! While many changes to the PDK, including bug fixes and documentation improvements can be implemented and reviewed via the normal GitHub pull request workflow, some changes are more substantial. Today, we are committing to putting these more substantial features through an “in the open” design process prior to implementation work starting. This new design process is similar to the internal process that we had been using, with the primary difference being that the whole PDK community will be able to participate in the new process. We welcome and encourage feedback from all members of the PDK community, whether you just started using Puppet and PDK last week or have been working with Puppet for years. A diversity of perspectives and experience levels will help make PDK better for everyone. You can learn more about our new RFC process as well as review recently introduced proposals from the PDK team in the new “pdk-planning” Github repository located at https://github.com/puppetlabs/pdk-planning. Thanks! -- The PDK Team -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAJEWz_uxYQsYuSuH4S%3DZPqPjsSAynxAeo5zn6zVwXD-jDXK7rw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Check existence of a hierarchy
Ben Ford wrote: > What you're looking for is the dig() function. > https://puppet.com/docs/puppet/latest/function.html#dig > > $profiles.dig('vpn', 'openvpn', 'instances', 'client') > > On Wed, Jul 11, 2018 at 8:32 AM Helmut Schneider > wrote: > > > Hello all, > > > > let's assume the following structure in a yaml: > > > > profiles: > > vpn: > > openvpn: > > instances: > > client: > > myclient: > > remote: 'openvpn_host 1194' > > > > I would now like to check if e.g. "client" exists: > > > > if ($profiles['vpn']['openvpn']['instances']['client']) > > > > This works as long as the structure > > > > profiles: > > vpn: > > openvpn: > > instances: > > > > exists and fails if not (because OpenVPN should not be available for > > that client): > > > > Error: Could not retrieve catalog from remote server: Error 500 on > > SERVER: Server Error: Evaluation Error: Operator '[]' is not > > applicable to an Undef Value. at > > /etc/puppetlabs/code/modules/openvpn/manifests/init.pp:17:7 on node > > my_client > > > > Is there a way to check the existence of a hierarchy without > > creating an empty hierarchy or doing something like > > > > if is_hash($profiles) { > > if has_key($profiles, 'vpn') { > > if has_key($profiles['vpn'], 'openvpn') { > > if has_key($profiles['vpn']['openvpn'], 'instances') { > > ...and so on > > } > > } > > } > > } > > > > Thank you! Great, thanks a lot! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/xn0lcc1v3t20grw001%40news.gmane.org. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Check existence of a hierarchy
What you're looking for is the dig() function. https://puppet.com/docs/puppet/latest/function.html#dig $profiles.dig('vpn', 'openvpn', 'instances', 'client') On Wed, Jul 11, 2018 at 8:32 AM Helmut Schneider wrote: > Hello all, > > let's assume the following structure in a yaml: > > profiles: > vpn: > openvpn: > instances: > client: > myclient: > remote: 'openvpn_host 1194' > > I would now like to check if e.g. "client" exists: > > if ($profiles['vpn']['openvpn']['instances']['client']) > > This works as long as the structure > > profiles: > vpn: > openvpn: > instances: > > exists and fails if not (because OpenVPN should not be available for > that client): > > Error: Could not retrieve catalog from remote server: Error 500 on > SERVER: Server Error: Evaluation Error: Operator '[]' is not applicable > to an Undef Value. at > /etc/puppetlabs/code/modules/openvpn/manifests/init.pp:17:7 on node > my_client > > Is there a way to check the existence of a hierarchy without creating > an empty hierarchy or doing something like > > if is_hash($profiles) { > if has_key($profiles, 'vpn') { > if has_key($profiles['vpn'], 'openvpn') { > if has_key($profiles['vpn']['openvpn'], 'instances') { > ...and so on > } > } > } > } > > Thank you! > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/xn0lcc078szqyl1000%40news.gmane.org > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CACkW_L40ZvgSM-AYJ7HBq_u%2B7MuBYL6GbfEE%3Di9qVn9f5Cu4rQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Check existence of a hierarchy
Hello all, let's assume the following structure in a yaml: profiles: vpn: openvpn: instances: client: myclient: remote: 'openvpn_host 1194' I would now like to check if e.g. "client" exists: if ($profiles['vpn']['openvpn']['instances']['client']) This works as long as the structure profiles: vpn: openvpn: instances: exists and fails if not (because OpenVPN should not be available for that client): Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Operator '[]' is not applicable to an Undef Value. at /etc/puppetlabs/code/modules/openvpn/manifests/init.pp:17:7 on node my_client Is there a way to check the existence of a hierarchy without creating an empty hierarchy or doing something like if is_hash($profiles) { if has_key($profiles, 'vpn') { if has_key($profiles['vpn'], 'openvpn') { if has_key($profiles['vpn']['openvpn'], 'instances') { ...and so on } } } } Thank you! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/xn0lcc078szqyl1000%40news.gmane.org. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: PKIX path validation failed
Am Dienstag, 10. Juli 2018 20:04:03 UTC+2 schrieb Bret Wortman: > > I'm standing up a new replacement puppet server in place of the one we > trashed a few weeks ago, and am running into a new, interesting issue. > > I'm running puppet and puppetdb on the same server. Postgres is up and > running. When I try to run puppet agent -t on a random system, I get this: > > # puppet agent -t > Warning: Unable to fetch my node definition, but the agent run will > continue > : > Info: Retrieving pluginfacts > Info:Retrieving plugin > Info: Loading facts > Error: Could not retrieve catalog from remote server: Error 500 on SERVER: > Server Error: Failed to execute > '/pdb/cmd/v1?checksum==5=zw129.my.net=replace_fact=' > > on at least 1 of the following 'server_urls': https://puppet.my.net:8081 > Warning: Not using cache on failed catalog > Error: Could not retrieve catalog: skipping run > # > > > So I peeked in /var/log/puppetlabs/puppetserver/puppetserver.log and found: > > ERROR [qtp6662638830-70] [c.p.h.c.i.PersistentSyncHttpClient] Error > executing http request > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > : > Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem > : > Caused by: sun.security.validator.ValidatorException: PKIX path validation > failed: java.security.cert.CertPathValidatorException: Path does not chain > with any of the trust anchors > : > > So I'm thinking something in the certificate chain is wrong, but I'm > hesitant to dive in and start replacing certs without being pretty sure of > what I'm doing, lest we end up starting over yet again. Has anyone else > encountered anything like this? > > > Sounds like maybe multiple issues: * if an ENC is configured the ENC request maybe failed * puppetdb does not use certs that are signed by the puppetserver CA I would start by checking puppetdb certs. - Thomas -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/36cbdda2-55b1-4f0a-ad3c-77d2f12ca390%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: puppetlabs-mysql: change the @HOST for the 'root'@'localhost'
what about - adding an additional root@% instead of reconfiguring the root@localhost one? - set create_root_user=> false when declaring mysql::server class (don't know the implications) - Thomas Am Dienstag, 10. Juli 2018 22:36:20 UTC+2 schrieb comport3: > > Using the latest Puppet 5.5+ and puppetlabs/mysql module 5.4.0, is there a > way to change the 'localhost' host portion of the root user? > > Post deployment, I can use the following MySQL commands to change it, but > it breaks the Puppet module: > > UPDATE mysql.user SET Host='%' WHERE Host='localhost' AND > User='root'; FLUSH PRIVILEGES; > > However this breaks the Puppet run with the following output (with --debug > arguments) > Debug: Prefetching mysql resources for mysql_user > Debug: Executing: '/usr/bin/mysql --defaults-extra-file=/root/.my.cnf -NBe > SELECT CONCAT(User, '@',Host) AS User FROM mysql.user' > Debug: Executing: '/usr/bin/mysql --defaults-extra-file=/root/.my.cnf -NBe > SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, > SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, AUTHENTICATION_STRING, > PLUGIN FROM mysql.user WHERE CONCAT(user, '@', host) = 'root@%'' > Debug: Executing: '/usr/bin/mysql --defaults-extra-file=/root/.my.cnf -NBe > SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, > SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, AUTHENTICATION_STRING, > PLUGIN FROM mysql.user WHERE CONCAT(user, '@', host) = 'backup@localhost'' > Debug: Executing: '/usr/bin/mysql --defaults-extra-file=/root/.my.cnf -NBe > SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, > SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, AUTHENTICATION_STRING, > PLUGIN FROM mysql.user WHERE CONCAT(user, '@', host) = > 'mysql.session@localhost'' > Debug: Executing: '/usr/bin/mysql --defaults-extra-file=/root/.my.cnf -NBe > SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, > SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, AUTHENTICATION_STRING, > PLUGIN FROM mysql.user WHERE CONCAT(user, '@', host) = > 'mysql.sys@localhost'' > Debug: Executing: '/usr/bin/mysql --defaults-extra-file=/root/.my.cnf > --database=mysql -e CREATE USER 'root'@'localhost' IDENTIFIED BY PASSWORD > '*93F220D3C07B130C09DBA0C962F71213F3D0B8D6'' > Error: Execution of '/usr/bin/mysql --defaults-extra-file=/root/.my.cnf > --database=mysql -e CREATE USER 'root'@'localhost' IDENTIFIED BY PASSWORD > '*93F220D3C07B130C09DBA0C962F71213F3D0B8D6'' returned 1: ERROR 1396 (HY000) > at line 1: Operation CREATE USER failed for 'root'@'localhost' > Error: > /Stage[main]/Mysql::Server::Root_password/Mysql_user[root@localhost]/ensure: > change from 'absent' to 'present' failed: Execution of '/usr/bin/mysql > --defaults-extra-file=/root/.my.cnf --database=mysql -e CREATE USER > 'root'@'localhost' IDENTIFIED BY PASSWORD > '*93F220D2C07B130C09DBA0C962F61213F3D1B8F6'' returned 1: ERROR 1396 (HY000) > at line 1: Operation CREATE USER failed for 'root'@'localhost' > Notice: /Stage[main]/Mysql::Server::Root_password/File[/root/.my.cnf]: > Dependency Mysql_user[root@localhost] has failures: true > Warning: /Stage[main]/Mysql::Server::Root_password/File[/root/.my.cnf]: > Skipping because of failed dependencies > > > The following is the Hiera listen directive that necessitates the above > (and, I'm aware this is NOT best practise, but I have a Dev server with > nothing sensitive on it, 250+ databases to migrate and nearly that many > ancient decrepit web apps connecting to it as root...) > mysql_server_override_options: > mysqld: > 'bind-address': '10.0.0.5' > > > Does anyone know how to change the root users 'host' without breaking the > module? > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e1a4f59b-f553-402a-af8c-a0228c068d8b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: puppetserver 5 logging to STDOUT misses puppet compiler messages
The log is actually logged - I had some wrong assumptions how systemd/journald logs. journalctl -u puppetserver.service only contains logs until the systemd service is started. To get the STDOUT output of the puppetserver java process one can use: journalctl -t puppetserver or in case of CentOS/RHEL 7 this is normally also available in /var/log/messages - Thomas Am Montag, 9. Juli 2018 11:32:53 UTC+2 schrieb Thomas Müller: > > Hi > > I wan't my puppetserver 5.3 to log to STDOUT in addition or as replacement > for /var/log/puppetlabs/puppetserver/puppetserver.log. > > I've added the following to the /etc/puppetlabs/puppetserver/logback.xml > config file: > > > ... > > ... > ** > > > > I can see that after a service restart some of the messages get printed to > stdout - but not all. > > All the puppet compiler messages are not added to STDOUT but they are in > puppetserver.log. > > Example messages not added to STDOUT: > > Pupppet The function 'xy' is deprecated in favor of using 'lookup' ... > Puppet This method is deprecated, please use the ... > Puppet Undefined variable '...' ... > Puppet Compiled catalog for ... in environment in ... seconds > > Same if I remove the F1 appender-ref to disable logging to > puppetserver.log. > > Is there some additional config required to log everything that is logged > to the file also to STDOUT? > > - Thomas > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/903d84e7-606c-46b6-ad66-ebea1077387f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.