RE: [Puppet Users] compare filebucket

2012-05-14 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
Judging from your log messages, the bucketed file is on the puppetmaster (Filebucketed... to puppet). You can use this command to get it: puppet filebucket get 26e643361f26cdf766199a830417c8bf /tmp/old-file (Or at least, I can, with Puppet 2.7.6.) Then you can diff -u /tmp/old-file

RE: [Puppet Users] FIPS 140-2 compliance

2011-06-30 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
Pittman: Hey, thanks for filing away that request. We had previous folks asking for similar things, but no one indicated that FIPS compliant OpenSSL would absolutely refuse to work with MD5, full stop. Am I right in imagining, given your title, that FIPS mode is an absolute requirement for

[Puppet Users] FIPS 140-2 compliance

2011-06-28 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
I've just posted a feature request http://projects.puppetlabs.com/issues/8120 relating to FIPS 140-2 compliance. I'm pointing to it here on the mailing list because I listed there five places where Puppet (nay, Ruby!) crashed while I was testing a deployment using FIPS mode on all hosts. It

RE: [Puppet Users] puppet CA expired

2011-06-16 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
[master] ca_ttl = 20y Neat trick. By the time it expires you'll be gone! :P

RE: [Puppet Users] logging output at err level, success as just a notice?

2011-06-10 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
Helwig: On Tue, 07 Jun 2011 10:29:12 -0500, Jennings, Jared L CTR USAF AFMC 46 SK/CCI wrote: pwck indeed behaves nicely with its exitcodes - the problem is I want the output to be an err, not a notice exec { 'pwck -r': path => '/usr/bin:/bin:/usr/sbin:/sbin', logoutput

RE: [Puppet Users] logging output at err level, success as just a notice?

2011-06-07 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
Helwig: Unfortunately, the documentation is just plain wrong. loglevel is the only one that supports any legal log level. logoutput really does only support true, false, and on_failure. Is pwck exiting non-zero when there is output? That should be sufficient to trigger the behavior it

[Puppet Users] logging output at err level, success as just a notice?

2011-06-06 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
I'm trying to run pwck with Puppet 2.6.4. pwck checks the passwd file and makes sure that, for example, each user's home directory exists. (And other stuff.) When everything is OK, it doesn't say anything. So if it says something, I want to know it, and I want it to stand out from other exec

RE: [Puppet Users] changing the default key length and hash

2011-05-25 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
Ah. I was thinking in the broader scope of getting us away from insecure hashes elsewhere in the product. From a strictly certificate POV, indeed, it should be just fine. I'm trying to configure FIPS-compliant servers, and I've run into segfaults thrown by the Ruby interpreter when Puppet

RE: [Puppet Users] augeas slooow

2011-05-05 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
Hi, Aaron. Aaron (quoting letter@): To avoid that, I added 'lens' and 'incl' parameters to the puppet type a while ago. If you set these, Augeas will only read a specific file, avoiding most of the unnecessary overhead. ... everything will be lightning fast, even without connection caching.

RE: [Puppet Users] Puppet on Redhat 6

2011-04-04 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
/bin/echo OS: $operatingsystem You are right, Stefan! I didn't pay attention at all to the command being executed.

RE: [Puppet Users] Re: RFC: Splitting up the file{} type functionality.

2011-03-23 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
jcbollinger: On the other hand, perhaps the new thing needed is something different: what about resource sub-types? [...] plainfile { /etc/profile.d/foo.sh: source => ... } filelink { /etc/profile.d/foo.sh: target => /opt/foo/foo_env.sh } service { foo: require => File[/etc/profile.d/foo.sh] }

RE: [Puppet Users] augeas slooow

2011-03-22 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
Oho, this --evaltrace is what I was looking for. Thanks!

RE: [Puppet Users] provisioning bare metal (best practices)

2011-02-23 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
+1 for Cobbler. At my site, we don't kickstart on the production network, in order to avoid the case where a not-fully-secured machine is exposed to network attacks. My kickstart network is all in one room, and so is easier to secure, logically and physically. On such a network, automatic

RE: [Puppet Users] RHEL5 and RHEL6 with Puppet

2011-02-23 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
Has anyone else spotted any other changes requiring alteration to the Puppet manifests and modules? If you have anything that changes the inittab, it may not work: they switched to Upstart for RHEL6.

RE: [Puppet Users] provisioning bare metal (best practices)

2011-02-23 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
Jared, Are you suggesting separate physical subnet, or simply a logical subnet on the same physical network (using netmask)? Mine's physically separate. I think it's what is required (google UNIX STIG; see section 12.6), and it simplifies configuration and usage (this network does this thing;

RE: [Puppet Users] custom type with cool source parameter

2011-02-18 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
, you're not required to add all content to the manifest proper. Take note of the file() function. http://docs.puppetlabs.com/references/stable/function.html#file HTH, Felix On 02/18/2011 03:41 PM, Jennings, Jared L CTR USAF AFMC 46 SK/CCI wrote: I'm making a custom type under Puppet 2.6.4

RE: [Puppet Users] custom type with cool source parameter

2011-02-18 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
Felix, thanks for your quick reply, but I'm trying to write a new type, not use the file type. Oops, I misread your email, Felix. But I think the file function still isn't what I'm after: I think I want the contents to be loaded from a puppet:/// url, not an absolute path, because I want the

RE: [Puppet Users] custom type with cool source parameter

2011-02-18 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
http://docs.puppetlabs.com/guides/modules.html -- I guess you want to define your own module. Yup, did that already. The answer I was looking for is this. Given: we want a custom type my_cool_type such that we can write my_cool_type { bla: justsometext => hi mom, source =>

RE: [Puppet Users] [puppet-users] run without puppet master

2010-12-20 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
i want to use red hat satellite server to deliver to the clients of puppet an rpm containing puppet content a a few different packages. 1 for base lockdown, in this case STIG 1 for project customization 1 for applications or something along those lines. Aaron, you should check out CLIP,