Planet Puppet

Your source of Puppet technical information

How to update the PostgreSQL version on your puppetserver

admin, 18 hours, 13 minutes | Source: Immerda Techblog

Our puppetserver uses puppetdb which users PostgreSQL as the persistent datastore in the back.
So far everything is self-contained on the same VM and PostgreSQL is more less managed by the puppetdb module.
The puppetdb module takes care of setting up the PostgreSQL server and uses the upstream PostgreSQL yum module for the binaries. By default it uses PostgreSQL in version 9.6.

Lately, it was announced that puppetdb will start requiring PostgreSQL at least in version 11. Time to start to upgrade our PostgreSQL installation to be ready.

Since the upstream yum repository allows to install multiple version in parallel ...

[ Read More ]

New Gartner Report: How to lead digital disruption with programmable infrastructure

Anonymous, 3 days, 17 hours | Source: Puppet

Download the Gartner Report and learn more about why I&O leaders must adopt programmable infrastructure to enhance customer-focused agility.

[ Read More ]

2020-10-16: IAC Team Status Update

DavidS, 4 days, 7 hours | Source: Puppet IAC Team

Community Contributions

We’d like to thank the following people in the Puppet Community for their contributions over this past week:

[ Read More ]

2020-10-09: IAC Team Status Update

daianamezdrea, 1 week, 4 days | Source: Puppet IAC Team

Community Contributions

We had a busy week and the community was very active so we’d like to thank the following people in the Puppet Community for their contributions over this past week:

Thanks to jcpunk for the folowing PRs where he resolves puppet-lint and yamllint warnings across the following repos:

[ Read More ]

Deploying Puppet Enterprise agents with HashiCorp Terraform on Azure VMs

Anonymous, 1 week, 4 days | Source: Puppet

Tips and tricks for integrating Puppet Enterprise and HashiCorp Terraform to deploy PE agents on your Azure VMs.

[ Read More ]

Collecting GCP info and system metrics for Honeycomb

dev_el_ops, 2 weeks, 1 day | Source: Puppet IAC Team

For a new and exciting project, the team is currently onboarding on Google Cloud Platform (GCP) development. I can’t wait until I’m able to share more, but for now I can only say we’re looking at a Sinatra-hosted Ruby API server. To gain a better understanding how the service is performing, we want to collect some “traditional” metrics. Since we’re already using honeycomb for tracing tests and API calls, looking into honeycomb for more was my first choice. Most of the content here is based off the “Getting Started With Honeycomb Metrics” whitepaper at [], made specific to ...

[ Read More ]

2020-10-02: IAC Team Status Update

carabasdaniel, 2 weeks, 4 days | Source: Puppet IAC Team

Hello everyone!

The IAC Team had a lot of activity this past week.

Here’s a brief summary:

Community Contributions

We’d like to thank the following people in the Puppet Community for their contributions over this past week:

[ Read More ]

Porting a module to RHEL 8

Anonymous, 2 weeks, 4 days | Source:

Often, updating a Puppet module to work on a newer platform is mostly a case of fixing up a a few paths or package names. Sometimes though, more significant changes are called for. When updating to RHEL (or family) 8, here are some major changes that we’ve had to account for:

  • dnf is the new standard package manager.
  • Some services only log to systemd now and not to /var/log/*
  • has finally been superseded by Wayland.
  • iptables had been replaced with nftables.
  • The default Python version is now 3.x.
  • Replacing ntpd with the new chrony service. Yes, that means ...

[ Read More ]

Hacktoberfest 2020

Anonymous, 2 weeks, 4 days | Source: Puppet

The Puppet team wants you to join us during this year’s Hacktoberfest. Get the details here and sign up.

[ Read More ]

Reporting a problem with a module

Anonymous, 2 weeks, 5 days | Source:

Have you found a problem with a module? Maybe it doesn’t behave properly when you enable SELinux, or maybe it just doesn’t declare support for the latest Puppet release. In any case, let’s walk through how you can surface the problem and maybe get it corrected.

First find the module on the Forge. You’ll probably see a “Report issues” link. Clicking that link will take you to the issue tracker for that module. For Puppet supported modules, that will be Jira and you can click the big orange [Create] button in the page header. For many others, it will take ...

[ Read More ]

Contributing a pull request

Anonymous, 2 weeks, 5 days | Source:

Coming soon; instructions on completing a pull request.

[ Read More ]

Introducing Puppet Enterprise tasks and workflows in Puppet Remediate

Anonymous, 2 weeks, 5 days | Source: Puppet

Puppet Remediate 1.4 enables Puppet Enterprise customers to make use of existing tasks and workflows and deploy remediations using the Puppet agent.

[ Read More ]

Validating a module on a newer Puppet version

Anonymous, 2 weeks, 6 days | Source:

Puppet modules declare their own Puppet version support. In other words, the module developer will use the metadata.json file to indicate the Puppet versions they have tested against. Most notably, that means that a module not declaring support for the latest version of Puppet does not necessarily mean that it does not support that version, it might just mean that the developer hasn’t validated it yet and hasn’t gotten around to making a new release with the metadata updated.

In other words, if a module doesn’t claim support for the version of Puppet that you are running, it’s likely that ...

[ Read More ]

4 ways to inject secrets into an application

Mickaël Canévet, 1 month, 3 weeks | Source: Camptocamp Blog

Most applications require secrets, for example to connect to a database, communicate with another application using tokens or certificates, define an admin password‌

Dealing with this is often a headache. Even when you have a proper secret management tool, it's sometimes a nightmare to inject the secrets into the application where it needs to be used.

The 4 ways

First way: build time

This is probably the worst way to do it.


  • Build a WAR file, or a Docker image or any artifact with a configuration file that contains the secret in plain text.


  • Your deployment tool does ...

[ Read More ]

Use Kustomize to post-render Helm charts in ArgoCD

Mickaël Canévet, 2 months | Source: Camptocamp Blog

In an ideal world you wouldn't have to perform multiple steps for the rendering, but unfortunately we don't live in an ideal world...


Nowadays, most applications that are meant to be deployed in Kubernetes provide a Helm chart to ease deployment. Unfortunately, sometimes the Helm chart is not flexible enough to do what you want to do, so you have to fork and contribute and hope that your contribution is quickly merged upstream so that you don't have to maintain your fork.

Instead of pointing to your fork, you could use Kustomize to apply some post-rendering to your templatized ...

[ Read More ]

Simple secret sharing with gopass and summon

Raphaël Pinson, 2 months, 3 weeks | Source: Camptocamp Blog

Secrets are a fundamental, yet complex issue in software deployment.

Solutions such as KeepassX are simple to use, but quite impractical when it comes to automation.

More complex options like Hashicorp Vault are extremely powerful, but harder to set up and maintain.

Pass: a simple solution

When it comes to storing securely and sharing passwords in a team, it is hard to come up with a more simple and efficient solution than Git and GnuPG combined.

Pass is a shell script that does just that. Inside a Git repository, Pass stores passwords in individual files encrypted for all private GnuPG ...

[ Read More ]

Decomissioning with Puppet: report & purge unmanaged resources

Raphaël Pinson, 2 months, 4 weeks | Source: Camptocamp Blog

Puppet lets you manage resources explicitely. But did you know you can also dynamically purge unmanaged resources using Puppet?


A user in your organization just left, and you need to remove their account from all nodes. If you were managing their account with Puppet —whether with a user resource type or using an accounts module—, you need to make sure this user is absent:

user { 'jdoe':
  ensure => absent,

Great. Job done. Now, how long should this resource be kept in your code? One hour? One week? One year? What if an old node ...

[ Read More ]

Puppet Tip 118 - Using EYAML-GPG to store secrets in Hiera

Anonymous, 4 months, 1 week | Source: Example 42

There are situations when you want to store secrets like passwords, tokens or usernames in Hiera. The default way to do this is to use Hieras E(ncrypted)YAML implementation based on PKCS7. You can find out more about that at: Encrypt your secrets with Hiera eyaml Pros and cons of the two EYAML mechanisms EYAML EYAML uses a public/private keypair. The public key goes out to all users. They are able to encrypt content; then, the private key is stored somewhere safe and on the Puppetservers. This key is the only way to decrypt content. This is pretty easy to configure, ...

[ Read More ]

Puppet Tip 117 - Managing extra repositories with Tiny Puppet

Anonymous, 5 months | Source: Example 42

I’ve written recently a post about Tiny Puppet, which is a recommended reading if you want to understand some of its internals. Now, here, I want to talk about how you can use it to manage interesting and juicy extra packages repositories with it. Managing packages repositories with Tiny Puppet RedHat based repositories Ubuntu / Debian based repositories Adding custom repositories Managing packages repositories with Tiny Puppet I suppose everybody who works with RedHat Linux or derivatives is well aware of EPEL, a collection of packages, totally compatible with the default set of packages, shipped with RedHat Enterprise Linux (and ...

[ Read More ]

Puppet Tip 116 - Puppet Control-Repo Workflow

Anonymous, 5 months, 2 weeks | Source: Example 42

When starting with Puppet you usually first create your Puppet GIT control-repository, a single place from where you can rebuild your whole Infrastructure with Puppet. Within this Puppet control repository you separate upstream library modules (forge modules) from your own code. Upstream libraries are added to Puppetfile (preferably specifying the version of each module). It is up to you, whether you just copy and adopt our Open Source Control-Repository or if you prefer to start with an empty repository. Each branch in the Puppet control repository will be deployed as a Puppet environment. In both cases you want to carefully ...

[ Read More ]