Planet Puppet

Your source of Puppet technical information

2020-09-25: IAC Team Status Update

david22swan, 5 days, 7 hours | Source: Puppet IAC Team

Community Contributions

We’d like to thank the following people in the Puppet Community for their contributions over this past week:

New Module / Gem Releases

The following modules were released this week:


Creating Azure VM images with Packer and Puppet Bolt

Anonymous, 5 days, 18 hours | Source: Puppet

Learn how to use HashiCorp Packer and Puppet Bolt to define your Azure VM templates in code.


Docker params change detection

adrianiurca, 1 week | Source: Puppet IAC Team


The problem was reported by a client with the ticket MODULES-10734. After analysis, we discovered that we don’t have parameter change detection mechanisms. In this blog post, we try to explain the problem in detail with examples.

An interesting behaviour was present in the docker::run component. The problem was that if any parameter was added, modified or removed, the Puppet agent would apply the change only if you stopped and removed the container manually and reapplied the manifest, forcing a new container creation.

The solution was to create a new function that detects if at least one parameter is changed. ...


Expanding EMEA footprint with new presence in Hamburg, Germany

Anonymous, 1 week | Source: Puppet

By establishing a presence in Germany, Puppet will strengthen its commitment to the local community and will better serve a strong ecosystem of customers across the region.


The best of the PowerShell Gallery, right in your PE Console

Anonymous, 1 week, 2 days | Source: Puppet

Use any DSC resource from the PowerShell Gallery natively in Puppet. Just install from the Forge & enjoy change reporting right down to the parameter!


DSC + Puppet: Arrived!

michaeltlombardi, 1 week, 2 days | Source: Puppet IAC Team

Earlier this year, we announced an upcoming project to drastically improve the story for using DSC Resources with Puppet. Today, we’re announcing the general availability of that project!

The Puppet.Dsc PowerShell module is now available on the PowerShell Gallery; furthermore, an initial batch of twenty-six PowerShell modules with DSC Resources have been Puppetized and published to the Forge!

We picked several of the most-downloaded modules with DSC Resources released in the last year to start with, but in the coming weeks you should find everything available on the PowerShell Gallery up on the Forge!

But today, in addition ...


18th September 2020: IAC Team Status Update

sanfrancrisko, 1 week, 5 days | Source: Puppet IAC Team

Hello folks! Hope this Friday finds you all well? Here’s an update from the IAC Team for the week that was:

Community Contributions

We’d like to thank the following people from the Community for their contributions this week:

Thank you jcpunk and b4ldr for your contributions!

Module Releases

The following modules were released this week:

Bolt Smoke Tests

We’d like to thank ...


Automation and changing needs, featuring Forrester

Anonymous, 2 weeks, 1 day | Source: Puppet

Abby Kearns and Forrester’s Leslie Joseph discuss how automation plays an important role in supporting companies through crises and preparing them for an uncertain future.


4 ways to inject secrets into an application

Mickaël Canévet, 1 month | Source: Camptocamp Blog

Most applications require secrets, for example to connect to a database, communicate with another application using tokens or certificates, define an admin password.

Dealing with this is often a headache. Even when you have a proper secret management tool, it's sometimes a nightmare to inject the secrets into the application where it needs to be used.

The 4 ways

First way: build time

This is probably the worst way to do it.


  • Build a WAR file, or a Docker image or any artifact with a configuration file that contains the secret in plain text.
  • Your deployment tool does ...


Use Kustomize to post-render Helm charts in ArgoCD

Mickaël Canévet, 1 month, 1 week | Source: Camptocamp Blog

In an ideal world you wouldn't have to perform multiple steps for the rendering, but unfortunately we don't live in an ideal world...


Nowadays, most applications that are meant to be deployed in Kubernetes provide a Helm chart to ease deployment. Unfortunately, sometimes the Helm chart is not flexible enough to do what you want to do, so you have to fork and contribute and hope that your contribution is quickly merged upstream so that you don't have to maintain your fork.

Instead of pointing to your fork, you could use Kustomize to apply some post-rendering to your templatized ...


Simple secret sharing with gopass and summon

Raphaël Pinson, 2 months | Source: Camptocamp Blog

Secrets are a fundamental, yet complex issue in software deployment.

Solutions such as KeepassX are simple to use, but quite impractical when it comes to automation.

More complex options like Hashicorp Vault are extremely powerful, but harder to set up and maintain.

Pass: a simple solution

When it comes to securely storing and sharing passwords in a team, it is hard to come up with a simpler and more efficient solution than Git and GnuPG combined.

Pass is a shell script that does just that. Inside a Git repository, Pass stores passwords in individual files encrypted for all private GnuPG ...


Decommissioning with Puppet: report & purge unmanaged resources

Raphaël Pinson, 2 months, 1 week | Source: Camptocamp Blog

Puppet lets you manage resources explicitly. But did you know you can also dynamically purge unmanaged resources using Puppet?


A user in your organization just left, and you need to remove their account from all nodes. If you were managing their account with Puppet, whether with a user resource type or using an accounts module, you need to make sure this user is absent:

user { 'jdoe':
  ensure => absent,
}

Great. Job done. Now, how long should this resource be kept in your code? One hour? One week? One year? What if an old node ...


Puppet Tip 118 - Using EYAML-GPG to store secrets in Hiera

Anonymous, 3 months, 2 weeks | Source: Example 42

There are situations when you want to store secrets like passwords, tokens or usernames in Hiera. The default way to do this is to use Hiera's E(ncrypted)YAML implementation based on PKCS7. You can find out more about that at: Encrypt your secrets with Hiera eyaml

Pros and cons of the two EYAML mechanisms

EYAML

EYAML uses a public/private keypair. The public key goes out to all users. They are able to encrypt content; then, the private key is stored somewhere safe and on the Puppetservers. This key is the only way to decrypt content. This is pretty easy to configure, ...


Gathering metrics with a new Dropsonde plugin

Anonymous, 3 months, 3 weeks | Source:

I’ve been working on the Dropsonde telemetry framework for the Puppet ecosystem for a while. If you’ve followed any of its development, you likely already know that the main focus is on providing community value and maintaining privacy and transparency.

Along those lines, the data it generates is public and you’re invited to help implement the metrics, or even to use the framework to gather your own metrics as long as they fit within our privacy standards. For example, David could use this framework to identify how many people were using Slack or Rocket.Chat integrations with the Puppet Webhook Server ...


Puppet Tip 117 - Managing extra repositories with Tiny Puppet

Anonymous, 4 months, 1 week | Source: Example 42

I’ve recently written a post about Tiny Puppet, which is recommended reading if you want to understand some of its internals. Now, here, I want to talk about how you can use it to manage interesting and juicy extra packages repositories.

  • Managing packages repositories with Tiny Puppet
  • RedHat based repositories
  • Ubuntu / Debian based repositories
  • Adding custom repositories

Managing packages repositories with Tiny Puppet

I suppose everybody who works with RedHat Linux or derivatives is well aware of EPEL, a collection of packages, totally compatible with the default set of packages, shipped with RedHat Enterprise Linux (and ...


Telemetry that doesn't suck

Anonymous, 4 months, 2 weeks | Source:

We both know that you hate telemetry as much as I do. We’ve all seen the dreadful rollouts of privacy invasions, the information leakage, and the abuse of private data. I have third-party cookies disabled in my browser the same as you. So when I started building Dropsonde, the upcoming metrics framework for Puppet infrastructures, privacy was my highest concern.

As a matter of fact, I have a firm rule that new features or metrics only get implemented if they meet four criteria:

  1. They provide real value to the end user (that’s you).
  2. They’re transparent about what data ...


Puppet Tip 116 - Puppet Control-Repo Workflow

Anonymous, 4 months, 4 weeks | Source: Example 42

When starting with Puppet you usually first create your Puppet GIT control-repository, a single place from where you can rebuild your whole Infrastructure with Puppet. Within this Puppet control repository you separate upstream library modules (forge modules) from your own code. Upstream libraries are added to Puppetfile (preferably specifying the version of each module). It is up to you, whether you just copy and adopt our Open Source Control-Repository or if you prefer to start with an empty repository. Each branch in the Puppet control repository will be deployed as a Puppet environment. In both cases you want to carefully ...


Downstream impact of pull requests

Anonymous, 5 months | Source:

Accepting a pull request carries a certain amount of risk, especially if you have a lot of downstream users of your code. It’s not easy to know the potential impact of breakage that a PR might introduce to your carefully tested codebase.

A couple weeks ago I wrote about a tool that can show a pretty complete analysis of who’s using the different parts of your Puppet modules. It can show which parts are heavily used, and which parts are less important. And it can even link you to the source repositories of those modules, if you’d like to help ...


Data consistency testing in Puppet, Part III: Direct data assertions

Alex Harvey, 5 months, 1 week | Source: Alex Harvey | Puppet

In this third and probably the last part of this series, I look at the method of using Rspec to make direct assertions about Hiera data. Usually, the purpose of these assertions is to work around design flaws in a code base that cannot be easily corrected.


In my experience of infrastructure-as-code solutions, whether written in Puppet or ...


Writing a great README

Anonymous, 5 months, 1 week | Source:

Surprisingly enough, it’s not really that hard to write a good README. The key is to remember who you’re writing for and why. See, it’s all about time and resource management—specifically, the time that a reader is willing to give you.

This is often overlooked because most people write READMEs to be informative, but they don’t take into account how much context is implied. Most people reading about your project for the first time are not yet invested in it. If your story isn’t immediately compelling, without all the implied context that you’ve got due to your involvement in the ...
