date:20221102

Re: [Puppet Users] [PuppetDB] Error 500 'Failed to execute '/pdb/cmd/v1....'

2022-11-02 Thread Martin Alfke

Can you provide the code, you used with puppetdb module?

> On 2. Nov 2022, at 08:18, Nir Fishler  wrote:
> 
> I tried to configure it using two different methods;
> Installing PuppetDB via Puppet module
> Installing from packages
> neither one of the above had given a complete success.
> 
> On Monday, October 31, 2022 at 12:14:31 PM UTC+2 Martin Alfke wrote:
>> How did you configure puppetdb and puppetserver?
>> On Open Source we usually recommend the puppetlabs-puppetdb module.
>> 
>> 
>> 
>>> On 31. Oct 2022, at 10:39, Nir Fishler > wrote:
>>> 
>> 
>>> Hey Martin,
>>> 
>>> Thanks for your reply. 
>>> 
>>> There are three files underneath that directory:
>>> puppetdb-access.log
>>> puppetdb.log
>>> puppetdb-status.log
>>> but all seem to be empty - 0kb
>>> what does that mean?
>>> 
>>> On Monday, October 10, 2022 at 11:03:05 AM UTC+3 Martin Alfke wrote:
 Hi Nir,
 
 Please check the puppetdb log file for further error investigation.
 Usually this is located at /var/log/puppetlabs/puppetdb/puppetdb.log
 
 Hth,
 Martin
 
 
 
> On 30. Sep 2022, at 10:30, Nir Fishler > wrote:
> 
 
> Hello,
> 
> puppetserver version: 7.8.0  (CentOS 7) | hostname:  puppet-staging-srv
> puppet agent: 7.19
> puppetdb: 7.11.0-1focal (Ubuntu 20.04) | hostname: puppet-staging-srv-db
> Postgres: 12.12-0ubuntu0.20.04.1
> 
> Foreman is enabled on Puppetserver.
> Postgres is configured to work with SSL.
> 
> Getting the below error from ANY VM on the network whenever I try to sync 
> with Puppet master server.
> 
> Error message:
> Error: Could not retrieve catalog from remote server: Error 500 on 
> SERVER: Server Error: Failed to execute 
> '/pdb/cmd/v1?checksum=a0d1b67028ed455a4d8b15fd5fc846ca54d4c0a6=5=vm-ubuntu20=replace_facts=2022-09-30T07:47:13.621Z'
>  on at least 1 of the following 'server_urls': 
> https://puppet-staging-srv-db:8081 
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
> 
> However, When I remove the configuration files(puppetdb.conf , values 
> from puppet.conf, routes.yaml) from the Puppet master $CONF dir, 
> everything is back to normal and sync works.
> 
> Connection between Puppet master and puppetdb and vice vesra:
> [root@puppet-staging-srv puppet] nc -zvw10 puppet-staging-srv-db 8081
> Ncat: Version 7.50 ( https://nmap.org/ncat )
> Ncat: Connected to 10.111.8.77:8081 .
> 
> root@puppet-staging-srv-db:~# nc -zvw10 puppet-staging-srv 8140
> Connection to puppet-staging-srv 8140 port [tcp/puppet] succeeded!
> 
> PuppetDB website is UP and shows zero data on 'Active Nodes' and most of 
> the fields(see screenshot snap-1.png.)
> 
> Thanks in advanced!
> 
 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users...@googlegroups.com <>.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/af30e761-f765-4260-978e-b4817e42f3b8n%40googlegroups.com
>  
> .
> 
 
>>> 
>>> 
>>> -- 
>>> You received this message because you are subscribed to the Google Groups 
>>> "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to puppet-users...@googlegroups.com <>.
>> 
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/puppet-users/c8eb95ed-64fc-4900-868b-791e3b0bf94fn%40googlegroups.com
>>>  
>>> .
>> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/63bfcccd-a462-41c7-9ca4-cebf537fe968n%40googlegroups.com
>  
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit

Re: [EXTERNAL] - Re: [Puppet Users] Hiera 5 and Deferred / Sensitive

2022-11-02 Thread 'Dirk Heinrichs' via Puppet Users

Am Mittwoch, dem 02.11.2022 um 00:21 -0700 schrieb Aaron Russo:

There is
petems-hiera_vault
which is close --

Didn't know this one.

it retrieves secrets straight from Vault, but the puppet server is doing the
retrieving and means that the server needs privileged access to all the secrets
in Vault that agents' would need.

Yes, of course. The server does the catalog compilation, so that's the place
where the values are needed.

Bye...

Dirk

Dirk Heinrichs
Senior Systems Engineer, Delivery Pipeline
OpenText ™ Discovery | Recommind
Phone: +49 2226 15966 18
Email: dhein...@opentext.com
Website:
www.recommind.de
Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach
Vertretungsberechtigte Geschäftsführer Gordon Davies, Madhu Ranganathan,
Christian Waida, Registergericht Amtsgericht Bonn, Registernummer HRB 10646
This e-mail may contain confidential and/or privileged information. If you are
not the intended recipient (or have received this e-mail in error) please
notify the sender immediately and destroy this e-mail. Any unauthorized
copying, disclosure or distribution of the material in this e-mail is strictly
forbidden
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen.
Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten
haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail.
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail sind nicht
gestattet.

--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/3d51e54e496919798579bfbbec9c44c0948865eb.camel%40opentext.com.

Re: [Puppet Users] Hiera 5 and Deferred / Sensitive

2022-11-02 Thread Aaron Russo

If you're referring to hiera-eyaml-vault
, that's not pulling
secrets out of Vault -- it's using the transit encryption provider in place
of gpg keys and storing those in yaml. It's a neat approach but not what
I'm looking for.

There is petems-hiera_vault
 which
is close -- it retrieves secrets straight from Vault, but the puppet server
is doing the retrieving and means that the server needs privileged access
to all the secrets in Vault that agents' would need.

vault_lookup  uses
Deferred functions to have the agent authenticate and retrieve secrets from
Vault, which lets me assign a policy based on the host, so it can only see
the secrets it needs. It works great! I simply want that functionality in
hiera.

What I've done is similar to petems-hiera_vault except I return a Deferred
function to perform the vault_lookup::lookup on the agent side rather than
perform the vault lookup on the server side.

Thanks,

Aaron

-- 
Aaron Russo (He/Him/His)
PIXAR | Senior Systems Engineer


On Tue, Nov 1, 2022 at 11:34 PM 'Dirk Heinrichs' via Puppet Users <
puppet-users@googlegroups.com> wrote:

> Am Freitag, dem 21.10.2022 um 11:49 -0700 schrieb Aaron Russo:
>
> However it feels like an anti-pattern by forcing lookups into our
> manifests when we want to keep that in Hiera. I found a previous related
> thread[2] where Henrik suggested writing a custom backend for Hiera and
> return a Deferred.
>
>
> hiera-eyaml has a plugin for retrieving secrets from Vault. Did you try
> that?
>
> HTH...
>
> Dirk
>
> --
>
> *Dirk Heinrichs*
> Senior Systems Engineer, Delivery Pipeline
> OpenText ™ Discovery | Recommind
> *Phone*: +49 2226 15966 18
> *Email*: dhein...@opentext.com
> *Website*: www.recommind.de
> Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach
> Vertretungsberechtigte Geschäftsführer Gordon Davies, Madhu Ranganathan,
> Christian Waida, Registergericht Amtsgericht Bonn, Registernummer HRB 10646
> This e-mail may contain confidential and/or privileged information. If you
> are not the intended recipient (or have received this e-mail in error)
> please notify the sender immediately and destroy this e-mail. Any
> unauthorized copying, disclosure or distribution of the material in this
> e-mail is strictly forbidden
> Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
> Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail
> irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und
> vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte
> Weitergabe dieser Mail sind nicht gestattet.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/7897bf9d6301f9bad84d762de8a0e7d35dfd2572.camel%40opentext.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAA4bxV4Ajn8W%3D4fhAa-TAOAhLjz%2B0K1jO6QNYuETGXuxHSZvfQ%40mail.gmail.com.

Re: [Puppet Users] [PuppetDB] Error 500 'Failed to execute '/pdb/cmd/v1....'

2022-11-02 Thread Nir Fishler

I tried to configure it using two different methods;

   1. Installing PuppetDB via Puppet module
   2. Installing from packages
   
neither one of the above had given a complete success.

On Monday, October 31, 2022 at 12:14:31 PM UTC+2 Martin Alfke wrote:

> How did you configure puppetdb and puppetserver?
> On Open Source we usually recommend the puppetlabs-puppetdb module.
>
>
> On 31. Oct 2022, at 10:39, Nir Fishler  wrote:
>
> Hey Martin,
>
> Thanks for your reply. 
>
> There are three files underneath that directory:
>
>- puppetdb-access.log
>- puppetdb.log
>- puppetdb-status.log
>
> but all seem to be empty - 0kb
> what does that mean?
>
> On Monday, October 10, 2022 at 11:03:05 AM UTC+3 Martin Alfke wrote:
>
>> Hi Nir,
>>
>> Please check the puppetdb log file for further error investigation.
>> Usually this is located at /var/log/puppetlabs/puppetdb/puppetdb.log
>>
>> Hth,
>> Martin
>>
>>
>> On 30. Sep 2022, at 10:30, Nir Fishler  wrote:
>>
>> Hello,
>>
>> *puppetserver *version: 7.8.0  (CentOS 7) | *hostname*:  
>> puppet-staging-srv
>> *puppet *agent: 7.19
>> *puppetdb*: 7.11.0-1focal (Ubuntu 20.04) | *hostname*: 
>> puppet-staging-srv-db
>> *Postgres*: 12.12-0ubuntu0.20.04.1
>>
>> Foreman is enabled on Puppetserver.
>> Postgres is configured to work with SSL.
>>
>> Getting the below error from ANY VM on the network whenever I try to sync 
>> with Puppet master server.
>>
>> *Error message:*
>> Error: Could not retrieve catalog from remote server: Error 500 on 
>> SERVER: Server Error: Failed to execute 
>> '/pdb/cmd/v1?checksum=a0d1b67028ed455a4d8b15fd5fc846ca54d4c0a6=5=vm-ubuntu20=replace_facts=2022-09-30T07:47:13.621Z'
>>  
>> on at least 1 of the following 'server_urls': 
>> https://puppet-staging-srv-db:8081
>> Warning: Not using cache on failed catalog
>> Error: Could not retrieve catalog; skipping run
>>
>> However, When I remove the configuration files(puppetdb.conf , values 
>> from puppet.conf, routes.yaml) from the Puppet master $CONF dir, everything 
>> is back to normal and sync works.
>>
>> Connection between Puppet master and puppetdb and vice vesra:
>> [root@puppet-staging-srv puppet] *nc -zvw10 puppet-staging-srv-db 8081*
>> Ncat: Version 7.50 ( https://nmap.org/ncat )
>> Ncat: 
>> *Connected to 10.111.8.77:8081 .*
>> root@puppet-staging-srv-db:~# *nc -zvw10 puppet-staging-srv 8140*
>> Connection to puppet-staging-srv 8140 port [tcp/puppet] succeeded!
>>
>> PuppetDB website is UP and shows zero data on 'Active Nodes' and most of 
>> the fields(see screenshot snap-1.png.)
>>
>> Thanks in advanced!
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/af30e761-f765-4260-978e-b4817e42f3b8n%40googlegroups.com
>>  
>> 
>> .
>> 
>>
>>
>>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users...@googlegroups.com.
>
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/c8eb95ed-64fc-4900-868b-791e3b0bf94fn%40googlegroups.com
>  
> 
> .
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/63bfcccd-a462-41c7-9ca4-cebf537fe968n%40googlegroups.com.

Re: [Puppet Users] Hiera 5 and Deferred / Sensitive

2022-11-02 Thread 'Dirk Heinrichs' via Puppet Users

Am Freitag, dem 21.10.2022 um 11:49 -0700 schrieb Aaron Russo:

However it feels like an anti-pattern by forcing lookups into our manifests
when we want to keep that in Hiera. I found a previous related thread[2] where
Henrik suggested writing a custom backend for Hiera and return a Deferred.

hiera-eyaml has a plugin for retrieving secrets from Vault. Did you try that?

HTH...

Dirk

--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/7897bf9d6301f9bad84d762de8a0e7d35dfd2572.camel%40opentext.com.

Re: [Puppet Users] Resource default values from site.pp not applied

2022-11-02 Thread 'Dirk Heinrichs' via Puppet Users

Am Montag, dem 31.10.2022 um 20:57 -0700 schrieb Robin Lee Powell:

I don't think we're going to be able to help further without a
fully-working minimal example.

Found the reason. I include classes by Hiera lookup. It works if I put the
defaults BEFORE

lookup('classes', { merge => unique }).include

Thanks for your efforts.

Bye...

Dirk

--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/ce9dec42f9bb2f12579702664be4180ce499954f.camel%40opentext.com.

Re: [Puppet Users] [PuppetDB] Error 500 'Failed to execute '/pdb/cmd/v1....'

Re: [EXTERNAL] - Re: [Puppet Users] Hiera 5 and Deferred / Sensitive

Re: [Puppet Users] Hiera 5 and Deferred / Sensitive

Re: [Puppet Users] [PuppetDB] Error 500 'Failed to execute '/pdb/cmd/v1....'

Re: [Puppet Users] Hiera 5 and Deferred / Sensitive

Re: [Puppet Users] Resource default values from site.pp not applied

6 matches

Site Navigation

Mail list logo

Footer information