2020-11-27: IAC Team Status Update

carabasdaniel, 2 days, 19 hours | Source: Puppet IAC Team

Community Contributions

We’d like to thank the following people in the Puppet Community for their contributions over this past week:

• puppetlabs-accounts#338: “MODULES-10862 add support for authorized_keys file mode”, thanks to simondeziel
• puppetlabs-apache#2089: “Add cas_cookie_path in vhosts”, thanks to yakatz
• puppetlabs-apache#2081: “Improve SSLVerify options”, thanks to bovy89
• puppetlabs-apt#953: “Make auth.conf contents Sensitive”, thanks to suchpuppet
• puppetlabs-haproxy#449: “(bugfix) backend: dont log warnings if not necessary”, thanks to bastelfreak
• puppetlabs-kubernetes#447: “Add configuration options for conntrack settings in v1beta1 and v1beta2”, thanks to Wiston999
• puppetlabs-ntp#590: “(MAINT) Make mode for logfile configurable”, thanks to tmanninger
• puppetlabs-postgresql#1199: “Manage ...

[ Read More ]

Solving financial services regulatory challenges in Australia with Puppet

Anonymous, 4 days, 8 hours | Source: Puppet

Learn why compliance is essential, about the current state of security and Australia’s response, and how Puppet supports APRA’s Practice Guide.

[ Read More ]

Your lookback at Puppetize Digital 2020

Anonymous, 5 days, 5 hours | Source: Puppet

The Puppetize Digital 2020 playlist is live. Read the blog recap, watch the keynote & share your favorite talks on social w/ the tag #Puppetize2020.

[ Read More ]

Puppetize Digital 2020 - Content Selection

dev_el_ops, 6 days, 19 hours | Source: Puppet IAC Team

Last week saw Puppetize Digital 2020, our annual conference on all things Puppet. Over the weekend, the production team uploaded all the talks to the Puppet YouTube channel, so if you missed anything, you can now catch up at your own leisure. There is a playlist with all videos, and in this post I’ll directly link to my favourites - of course focused on Puppet Content and the IAC team’s work.

Puppet Pair Programming with Visual Studio Code

The Puppet VSCode Plugin has evolved into THE canonical way to edit puppet modules. The authors of the plugin, James ...

[ Read More ]

2020-11-20: IAC Team Status Update

david22swan, 1 week, 2 days | Source: Puppet IAC Team

Coming at you with the latest weekly blog post, here to fill you in on all the juicy IAC gossip!

Gitpod

As of a few days ago a pr (pdk-templates#354), submitted by the excellent logicminds has been merged in, adding support for gitpod puppet development to the pdk-templates as an opt in option, allowing contributors to edit any enabled module via VSCode from the browser without requiring any local setup or install.

These changes include not only the basic gitpod setup, but also the creation of a container that comes packed with pdk, puppet-debugger, puppet-agent, zsh, oh-my-zsh plugins ...

[ Read More ]

A Platform to Automate All The Things

Anonymous, 1 week, 3 days | Source: Puppet

We are taking a platform approach to our solutions by strategically integrating broad automation capabilities in a single platform.

[ Read More ]

Use OSP Assist and get your OSP info from the source

Anonymous, 1 week, 4 days | Source: Puppet

Calling OSP Practitioners! Use OSP Assist, find Puppet authored content, OSP Best Practices and more.

[ Read More ]

2020-11-13: IAC Team Status Update

michaeltlombardi, 2 weeks, 2 days | Source: Puppet IAC Team

As always, interesting weeks for the IAC team means a slew of updates for everyone else!

New Triage Practice

This week marked our second experimental session of full-team triage of all of our repositories. We decided to move from an ongoing triage rotation which assigned two engineers full-time to handling incoming issues and pull requests (rotating the assignment every two weeks) to having the entire team focus on triage work every Monday.

On Monday our team processed sixty-five PRs—34 in our tools repositories, 31 in module repositories—and released two modules. It has also meant a lot of pairing and knowledge ...

[ Read More ]

Puppetize Digital - example42 talk about GIT workflows

Anonymous, 2 weeks, 2 days | Source: Example 42

Puppetize Digital is coming! November 19th! example42 is super excited that we are again delivering a talk to a Puppet conference. This year Martin Alfke is talking about GIT workflows. The talk was prerecorded as Martin recovers from a dental surgery and will be broadcasted on November 19th at 1:30 PM (GMT) and at 2:30 PM (AEDT). Puppet and GIT Single long living branch - simple GIT Staging branches GIT flow Summary Puppet and GIT Working on Puppet always is fun. But working with GIT is hard for many people who are new to GIT. Single long living branch - ...

[ Read More ]

A Simple Auth Proxy for EKS

Raphaël Pinson, 2 weeks, 4 days | Source: Camptocamp Blog

AWS EKS is a great option for a hosted Kubernetes cluster.

It is in particular easy to use for demos and training sessions.

However, EKS authentication is based off AWS IAM, which means users need an AWS account. Authenticating to EKS typically involves calling the aws eks get-token command in your .kube/config so as to retrieve an authentication token.

As we were setting up EKS for Kubernetes training, we needed a simple way for users without an AWS account to access the cluster, so we created a basic proxy service for the EKS get-token action.

[ Read More ]

All our good reasons to sponsor Puppettize Digital

Anonymous, 2 weeks, 6 days | Source: Example 42

Another year, another Puppet conference, and another time we are sponsoring it. Let’s see what, how and why. Puppettize Digital Sponsors, as usual Presenting at Puppettize Digital Puppet, for fun and business Puppettize Digital Puppettize Digital will be a 24 hours online event, on November 19, sprayed on three different continents timezones: Asia Pacific: 10:00 AM - 6:00 PM AEDT Europe 9:00 AM - 5:00 PM GMT Americas 9:00AM - 5:00 PM PST In GMT timezone this means: Asia Pacific: 11:00 PM (Nov 18) - 7:00 AM Europe 9:00 AM - 5:00 PM Americas 5:00 PM - 1:00 AM (Nov ...

[ Read More ]

All our good reasons to sponsor Puppetize Digital

Anonymous, 2 weeks, 6 days | Source: Example 42

Another year, another Puppet conference, and another time we are sponsoring it. Let’s see what, how and why. Puppetize Digital Sponsors, as usual Presenting at Puppetize Digital Puppet, for fun and business Puppetize Digital Puppetize Digital will be a 24 hours online event, on November 19, sprayed on three different continents timezones: Asia Pacific: 10:00 AM - 6:00 PM AEDT Europe 9:00 AM - 5:00 PM GMT Americas 9:00AM - 5:00 PM PST In GMT timezone this means: Asia Pacific: 11:00 PM (Nov 18) - 7:00 AM Europe 9:00 AM - 5:00 PM Americas 5:00 PM - 1:00 AM (Nov ...

[ Read More ]

5 years of example42

Anonymous, 3 weeks, 6 days | Source: Example 42

example42 was founded back in 2015. It was the union of intents and purposes of two of the most experienced and known puppeteers in Europe: Martin Alfke from Germany and Alessandro Franceschi from Italy. Martin recalls with a smile the first steps of the company: “I still remember well the day where we received information of our official company registration on October 8th 2015 while being at PuppetConf 2015 in Portland, Oregon: I had a call with my girlfriend in Berlin, Germany, and she was excited that I had received a letter from the district court, a few hours prior ...

[ Read More ]

How to update the PostgreSQL version on your puppetserver

admin, 1 month, 1 week | Source: Immerda Techblog

Our puppetserver uses puppetdb which users PostgreSQL as the persistent datastore in the back.
So far everything is self-contained on the same VM and PostgreSQL is more less managed by the puppetdb module.
The puppetdb module takes care of setting up the PostgreSQL server and uses the upstream PostgreSQL yum module for the binaries. By default it uses PostgreSQL in version 9.6.

Lately, it was announced that puppetdb will start requiring PostgreSQL at least in version 11. Time to start to upgrade our PostgreSQL installation to be ready.

Since the upstream yum repository allows to install multiple version in parallel ...

[ Read More ]

Porting a module to RHEL 8

Anonymous, 1 month, 4 weeks | Source: binford2k.com

Often, updating a Puppet module to work on a newer platform is mostly a case of fixing up a a few paths or package names. Sometimes though, more significant changes are called for. When updating to RHEL (or family) 8, here are some major changes that we’ve had to account for:

• dnf is the new standard package manager.
• Some services only log to systemd now and not to /var/log/*
• X.org has finally been superseded by Wayland.
• iptables had been replaced with nftables.
• The default Python version is now 3.x.
• Replacing ntpd with the new chrony service. Yes, that means ...

[ Read More ]

Reporting a problem with a module

Anonymous, 1 month, 4 weeks | Source: binford2k.com

Have you found a problem with a module? Maybe it doesn’t behave properly when you enable SELinux, or maybe it just doesn’t declare support for the latest Puppet release. In any case, let’s walk through how you can surface the problem and maybe get it corrected.

First find the module on the Forge. You’ll probably see a “Report issues” link. Clicking that link will take you to the issue tracker for that module. For Puppet supported modules, that will be Jira and you can click the big orange [Create] button in the page header. For many others, it will take ...

[ Read More ]

Contributing a pull request

Anonymous, 1 month, 4 weeks | Source: binford2k.com

Coming soon; instructions on completing a pull request.

[ Read More ]

Validating a module on a newer Puppet version

Anonymous, 2 months | Source: binford2k.com

Puppet modules declare their own Puppet version support. In other words, the module developer will use the metadata.json file to indicate the Puppet versions they have tested against. Most notably, that means that a module not declaring support for the latest version of Puppet does not necessarily mean that it does not support that version, it might just mean that the developer hasn’t validated it yet and hasn’t gotten around to making a new release with the metadata updated.

In other words, if a module doesn’t claim support for the version of Puppet that you are running, it’s likely that ...

[ Read More ]

4 ways to inject secrets into an application

Mickaël Canévet, 3 months, 1 week | Source: Camptocamp Blog

Most applications require secrets, for example to connect to a database, communicate with another application using tokens or certificates, define an admin password‌

Dealing with this is often a headache. Even when you have a proper secret management tool, it's sometimes a nightmare to inject the secrets into the application where it needs to be used.

The 4 ways

First way: build time

This is probably the worst way to do it.

Examples:

• Build a WAR file, or a Docker image or any artifact with a configuration file that contains the secret in plain text.

Pros:

• Your deployment tool does ...

[ Read More ]

Use Kustomize to post-render Helm charts in ArgoCD

Mickaël Canévet, 3 months, 1 week | Source: Camptocamp Blog

In an ideal world you wouldn't have to perform multiple steps for the rendering, but unfortunately we don't live in an ideal world...

Kustomize

Nowadays, most applications that are meant to be deployed in Kubernetes provide a Helm chart to ease deployment. Unfortunately, sometimes the Helm chart is not flexible enough to do what you want to do, so you have to fork and contribute and hope that your contribution is quickly merged upstream so that you don't have to maintain your fork.

Instead of pointing to your fork, you could use Kustomize to apply some post-rendering to your templatized ...

[ Read More ]