Planet Puppet

Your source of Puppet technical information

Puppet (and everything) over Tor

admin, 23 hours, 6 minutes | Source: Immerda Techblog

Mostly, when we talk about Tor, we just talk about websites. But what’s about other traffic and tools? What’s about Puppet or Icinga? If you have a Puppet server and you like to hide where it stays and/or which nodes are connected, perhaps you like to serve those services over an onion service.

This article is based on some research how can a Puppet server and an icinga parent be hidden. But only the corresponding traffic should be routed through Tor, the rest of the traffic shouldn’t go through Tor.

Normally Tor provides a local socks proxy, and each application ...

[ Read More ]

20th March 2020: IAC Team Status Update

sheenaajay, 3 days, 19 hours | Source: Puppet IAC Team

The IAC team has been working on a lot of interesting things over the past week. Here’s a brief overview of what we’ve been up to:

COVID-19

Read Puppet’s blog: COVID-19 for the official statement. Puppet provided remote working for all employees to support COVID-19. This precautionary measure has been taken in order to keep everyone healthy and limit the spread of the virus.

The company supports employees by giving them all the essentials to work remotely and it also appreciates the fact that remote working requires everyone to adjust their working styles. It may not be smooth for everyone, ...

[ Read More ]

Eliminating silos between InfoSec and IT Ops

Anonymous, 5 days, 2 hours | Source: Puppet

Silos lead to misunderstandings which get in the way of better vulnerability remediation.

[ Read More ]

How to use agent-side information on the puppetserver

dev_el_ops, 5 days, 19 hours | Source: Puppet IAC Team

This question was posted on the Puppet Community Slack yesterday:

Is there any way like the below in puppet code we can use:

$var=‘run command locally on agent, if $?=0 echo “present”, else echo “absent”’
if $var == present {
  # my code
} else {
  # something else
}

(by user IlovPuppet, edited for presentation)

There are a number of reasons why this question comes up. First is likely that folks are not aware of the options available at all. Then, sometimes, the common options (like custom facts) just don’t cut it for security or performance reasons. Last ...

[ Read More ]

COVID-19: a note for our community

Anonymous, 1 week | Source: Puppet

We’re committed to supporting you all during these challenging times. See all the ways you can connect and get help virtually to keep things running.

[ Read More ]

13th March 2020: IAC Team Status Update

carabasdaniel, 1 week, 3 days | Source: Puppet IAC Team

The IAC team has been working on a lot of interesting things over the past week. Here’s a brief overview of what we’ve been up to:

Updates to Puppet Modules

Over the last week we have released:

Community

A big thank you goes out to Glenn Sarti for the work he has done in removing the PDK dependency from Litmus. Also we would like to thank Antoine and Dirk Heinrichs for their help in resolving the file permission issues on the puppetlabs-apt module.

Customer Escalations

Over the past week we have closed out two issues on the puppetlabs-apt ...

[ Read More ]

Puppet Enterprise 2019.4 now available

Anonymous, 1 week, 5 days | Source: Puppet

Puppet Enterprise 2019.4 delivers a strong focus on user experience for automating orchestration.

[ Read More ]

Puppet’s social responsibility

Anonymous, 2 weeks | Source: Puppet

Check out some of our initiatives to foster diversity and inclusivity, encourage employee volunteerism, and provide greater access to technology.

[ Read More ]

Why ERB should be preferred to Jinja2 for DevOps templating

Alex Harvey, 2 weeks, 3 days | Source: Alex Harvey | Puppet

The use of Jinja2 templating in DevOps has become a de facto standard after the popularisation of Ansible and Salt as configuration management tools and Python as a programming language. Jinja2 has largely displaced the earlier Ruby-based equivalent, ERB (Embedded Ruby), that was previously popular in Puppet and Chef.

In this post, I argue that Jinja2 has a number of flaws that make it not well-suited as a general purpose templating language.

[ Read More ]

Using PowerShell 7 in VS Code

rnelson0, 2 weeks, 4 days | Source: RNELSON0

If you haven’t heard, PowerShell 7 has been released! Even if you haven’t gotten emails or RSS alerts, it’s hard to miss if you use VS Code as the PowerShell plugin will remind you on startup: Installation on Windows is as simple as selecting Yes and following the prompts. You’ll have to close VS Code […]

[ Read More ]

5th March 2020: IAC Team Status Update

david22swan, 2 weeks, 4 days | Source: Puppet IAC Team

The IAC team has been working on a lot of interesting things over the past week. Here’s a brief overview of what we’ve been up to:

Updates to Puppet Modules

Over the last week we have released three different modules:

Customer Escalations

Over the past week we have closed out one major piece of customer escalation for the mysql module and we have also begun work on another that has been raised regarding the reboot module.

Work has also been started on improvements to the SqlServer module, with multiple issues raised being worked on ...

[ Read More ]

Puppet Tip 114 - Managing Puppet Enterprise - Part 2 - Log Files

Anonymous, 1 month, 1 week | Source: Example 42

In the previous blog post we have seen what are the main services present in a Puppet Enterprise (PE) server, here we are going to give a look at their logs. All Puppet Enterprise log files are under the /var/log/puppetlabs directory. Here there are different subdirectories and log files for each single component. Puppet Server: /var/log/puppetlabs/puppetserver/ /var/log/puppetlabs/puppetserver/puppetserver.log Sample Puppet catalog compilation log. Sample code deployment log (with success) /var/log/puppetlabs/puppetserver/puppetserver-access.log /var/log/puppetlabs/puppetserver/code-manager-access.log /var/log/puppetlabs/puppetserver/puppetserver_gc.log.0.log PuppetDB: /var/log/puppetlabs/puppetdb/ /var/log/puppetlabs/puppetdb/puppetdb.log /var/log/puppetlabs/puppetdb/puppetdb-access.log /var/log/puppetlabs/puppetdb/puppetdb_gc.log.0.current Console Services: /var/log/puppetlabs/console-services/ /var/log/puppetlabs/console-services/console-services.log /var/log/puppetlabs/console-services/console-services-access.log /var/log/puppetlabs/console-services/console-services-api-access.log /var/log/puppetlabs/console-services/console-services_gc.log.0.current Nginx: /var/log/puppetlabs/nginx/ /var/log/puppetlabs/nginx/access.log /var/log/puppetlabs/nginx/error.log Puppet Enteprise Installer: /var/log/puppetlabs/installer/ Orchestration Services: /var/log/puppetlabs/orchestration-services/ /var/log/puppetlabs/orchestration-services/orchestration-services.log /var/log/puppetlabs/orchestration-services/orchestration-services-access.log /var/log/puppetlabs/orchestration-services/orchestration-services-api-access.log /var/log/puppetlabs/orchestration-services/orchestration-services_gc.log.0.current PostgreSQL: /var/log/puppetlabs/postgresql/ ...

[ Read More ]

Anonymous, 1 month, 2 weeks | Source: Example 42

Puppet Enterprise (PE) is Puppet’s commercial offering. It’s based on the Open Source core and provides various enterprise features, like the powerful and utterly useful Console to manage and visualize the whole infrastructure from a Web interface. Puppet Enterprise can be configured as in All In One installation (AIO for short), where all the PE components are installed on a single node, or have them distributed on different ones. An AIO PE server runs the following services: pe-puppetserver. The core Puppet Server service responsible for communication with clients and compilation of their catalogs pe-puppetdb. The PuppetDB service, responsible for handling ...

[ Read More ]

Puppet Tip 113 - Managing Puppet Enterprise - Part 1 - Services

Anonymous, 1 month, 2 weeks | Source: Example 42

Puppet Enterprise (PE) is Puppet’s commercial offering. It’s based on the Open Source core and provides various enterprise features, like the powerful and utterly useful Console to manage and visualize the whole infrastructure from a Web interface. Puppet Enterprise can be configured as in All In One installation (AIO for short), where all the PE components are installed on a single node, or have them distributed on different ones. An AIO PE server runs the following services: pe-puppetserver. The core Puppet Server service responsible for communication with clients and compilation of their catalogs pe-puppetdb. The PuppetDB service, responsible for handling ...

[ Read More ]

Puppet Tip 112 - Hiera nested lookups

Anonymous, 2 months | Source: Example 42

The Puppet data backend (hiera) allows you set data for site specific differences in your infrastructure. For example you can have multiple datacenters where DNS, NTP, SNMP and backup are different, or you have a development stage which uses a different database server than the production stage. Usually you check your infrastructure for differences and then use Facter data to build layers of Hiera data. But what if you need the same data in several hiera keys? Fot example you want to set the db connection settings like user/password for databases and webservers. This is where we can make use ...

[ Read More ]

Porting the whole world to a new API

Anonymous, 2 months, 1 week | Source: binford2k.com

If you maintain Puppet modules, you might have come across a little gift from me as you got back to coding after the holiday season. It’d be in your GitHub inbox.

Not long ago, I put together a tool to help port Puppet Ruby functions from the legacy 3.x API to the modern API. Over the New Year, I ran it through the ringer and updated it to catch a few more edge cases. Then once I was sure that it ported all valid–or nearly valid–functions I wrote a simple loop to update every Puppet module in all of ...

[ Read More ]

Updating Puppet classification with hiera to use the modern lookup command

rnelson0, 3 months | Source: RNELSON0

One of the most important parts of using any configuration management software, including Puppet, is making sure that your nodes receive the correct classification. You can write all the code you want to describe the desired system state, but if you don’t attach it to a node, it doesn’t provide any value. In previous articles, […]

[ Read More ]

Automagic Puppet Function Updater

Anonymous, 3 months, 3 weeks | Source: binford2k.com

Last week I wrote about porting legacy Ruby Puppet functions to the modern API. It struck me how programatic the refactoring process was, so I wrote a tool to automate much of it. The functions it generates are not great but they’re a start, and they’re validated to at least work during the process.

Installing

The tool is distributed as a Ruby gem with no dependencies, so simply gem install.

$ gem install puppet-function-updater

Usage

Run the command puppet_function_updater in the root of a Puppet module, then inspect all the generated functions for suitability when it’s done. If you ...

[ Read More ]

Upgrade to Puppet 4.x functions already!

Anonymous, 4 months | Source: binford2k.com

For many years, you’ve been able to extend the Puppet language by writing custom functions in Ruby. And since the functions were autoloaded from modules, a large ecosystem developed adding all sorts of functionality. For example, puppetlabs/stdlib includes a smorgasbord of string manipulations, data validations, data structure munging, etc. But the original function API had many critical limitations, and Puppet introduced a new and improved API with Puppet 4.x. I’d like to tell you about some of the benefits and how to upgrade your own functions to the new API. It’s surprisingly easy to do!

The end user won’t notice ...

[ Read More ]

Agent Side Functions in Puppet 6

Anonymous, 4 months, 1 week | Source: binford2k.com

Puppet 6 introduced Deferred functions, a new feature that allows you to run code on the agent side during enforcement. This is both functionality that people have been requesting for ages, and also behaviour that many people already mistakenly assumed existed. As a matter of fact, the Puppet execution model isn’t very well understood at all and many people already think they’re using Puppet like a shell script engine!

So first, let’s take a quick look at how the catalog gets built and enforced. There are a few stages we need to understand.

  1. The agent generates facts about itself ...

[ Read More ]