Planet Puppet

Your source of Puppet technical information

How to upgrade from Puppet Enterprise 3.x to 2016.4 — in video

Gary Larizza, 19 hours, 15 minutes | Source: Puppet Labs

We’ve distilled the upgrade process for Puppet Enterprise to four main steps, with how-to videos to walk you through the process at each step.

[ Read More ]

PuppetConf 2016 Wrap-Up

rnelson0, 20 hours, 25 minutes | Source: RNELSON0

Last week, I attended PuppetConf 2016. Spoiler alert: it was pretty awesome! Let’s take a look at what happened and provide some thoughts on what it means for the future of Puppet and IT in general. You can see all my live-tweets using this link, and storify links are in each section. Contributor’s Summit Storify […]

[ Read More ]

Puppet 3 End of Life 12/31/2016

rnelson0, 1 day, 15 hours | Source: RNELSON0

I mentioned this at PuppetConf: Puppet 3 support ends 12/31/2016! Hopefully you weren’t surprised, but if you were, you have just over 60 days to get upgraded. My talk at PuppetConf was about the upgrade journey so may help, and there was a whole track for Puppet 4 that you can watch when the videos […]

[ Read More ]

Tips to help you upgrade your Puppet Enterprise implementation

Suzie Baunsgard, 1 day, 19 hours | Source: Puppet Labs

Not sure how to upgrade to the long-term-support version of Puppet Enterprise from the version you’re on now? Learn how to upgrade in this post.

[ Read More ]

PuppetConf Day 2 keynotes: Azure & Nano Server,, Docker, & the mind of the CIO

Aliza Earnshaw, 2 days, 20 hours | Source: Puppet Labs

Windows Server updates for the cloud; DevOps at Salesforce; Docker, Puppet & DevOps; CIOs discuss IT today & tomorrow; and Puppet MVP of the year.

[ Read More ]

Using an alternate Forge URL with Puppet Module Tool and r10k

Jesse Scott, 5 days, 11 hours | Source: Puppet Labs

If you can’t install Puppet modules from the Forge due to the DynDNS attack, here’s how to do it from our alternate domain.

[ Read More ]

Remote execution in mgmt

purpleidea, 2 weeks, 5 days | Source: The Technical Blog of James

Bootstrapping a cluster from your laptop, or managing machines without needing to first setup a separate config management infrastructure are both very reasonable and fundamental asks. I was particularly inspired by Ansible‘s agent-less remote execution model, but never wanted to build a centralized orchestrator. I soon realized that I could have my ice cream and eat it too.

Prior knowledge

If you haven’t read the earlier articles about mgmt, then I recommend you start with those, and then come back here. The first and fourth are essential if you’re going to make sense of this article.

[ Read More ]

Removing 'magic numbers' and times from your Puppet manifests

Dean Wilson (, 2 weeks, 6 days | Source: Dean Wilson@UnixDaemon

In a large Puppet code base you’ll eventually end up with a scattering of time based ‘magic numbers‘ such as cache expiry numbers, zone file ttls and recurring job schedules. You’ll typically find these dealt with in one of a few ways. The easiest is to ignore it and leave a hopefully guessable literal value (such as 3600). The other path often taken is the dreaded heavily linked and often missed comments that start off as 86400 # seconds in a day and over time become 3600 # seconds in a day.

The time_units puppet function is a proof of ...

[ Read More ]

Register hosts to Satellite6 via CloudForms and Ansible Tower part 3

laurent, 4 weeks | Source: Laurent Domb Blog

In the first two parts of the blog series you’ve learned how you can create an inventory synchronizing Ansible Tower with CloudForms, create a Job Template in Ansible Tower and auto generate a service catalog item in CloudForms from the Job Template under the configuration management tab. You’ve also learned how you can create a new catalog and add the catalog item to it. Part 3 in the blog series is going to show you how you can create a custom button under the VM instances tab.

Step 1 Click on Automate

Step 2 Select VM ...

[ Read More ]

Register hosts to Satellite6 via CloudForms and Ansible Tower part 2

laurent, 1 month | Source: Laurent Domb Blog

This post will show you how to add Ansible Tower as a provider in CloudForms, discover and create a catalog item out of a job template we’ve created and order the catalog item via self service portal.

If you followed part 1 you now have a fully functional Ansible Tower which we can add as a provider to Red Hat CloudForms.

Step 1 Login to CloudForms

Step 2 Go to Configuration -> Configuration Management

Step 3 Click on Configuration and add a new provider

Step 4 Fill in the following values (of course it needs to match your environment)
Now ...

[ Read More ]

Register hosts to Satellite6 via CloudForms and Ansible Tower part 1

laurent, 1 month | Source: Laurent Domb Blog

CloudForms is the single pane of glass for virtual machines, cloud instances, and baremetal servers provisioned via Satellite 6. Since we added support for Ansible Tower we can do a lot of magic as we can now call Ansible Tower via CloudForms. What does that mean for operations and orchestration?

Let’s say we have the following use case:

We have a host or multiple hosts which need to be registered to Red Hat Satellite 6 and update to the latest errata. We also want to be able to choose if puppet should be used as a configuration management tool ...

[ Read More ]

Puppet 4 Sensitive Data Types

R.I. Pienaar, 1 month, 3 weeks | Source: R.I.Pienaar -

You often need to handle sensitive data in manifests when using Puppet. Private keys, passwords, etc. There has not been a native way to deal with these and so a cottage industry of community tools have spring up.

To deal with data at rest various Hiera backends like the popular hiera-eyaml exist, to deal with data on nodes a rather interesting solution called binford2k-node_encrypt exist. There are many more but less is more, these are good and widely used.

The problem is data leaks all over the show in Puppet – diffs, logs, reports, catalogs, PuppetDB – it’s not uncommon for ...

[ Read More ]

Puppet Lint Plugins - 2.0 Upgrade and new repo

Dean Wilson (, 2 months | Source: Dean Wilson@UnixDaemon

After the recent puppet-lint 2.0 release and the success of our puppet-lint 2.0 upgrade at work it felt like the right moment to claw some time back and update my own (11!) puppet-lint plugins to allow them to run on either puppet-lint 1 or 2. I’ve now completed this and pushed new versions of the gems to rubygems so if you’ve been waiting for version 2 compatible gems please feel free to test away.

Now I’ve realised exactly how many plugins I’ve ended up with I’ve created a new GitHub repo, unixdaemon-puppet-lint-plugins, that ...

[ Read More ]

Puppet Lint 2.0 Upgrade

Dean Wilson (, 2 months, 3 weeks | Source: Dean Wilson@UnixDaemon

With the recent puppet-lint 2.0 release it seemed a good time to bump the version we use at $WORK and see what’d changed. In theory it was as simple as changing the version in our Gemfile and ideally everything should continue as normal, but in practise it was a little more work than that and in this post I’m going to explain what we found.

Firstly let’s cover a lovely, free, bonus. On our test codebase puppet-lint 1.0.1 took about 25 seconds to run on average. Immediately after the upgrade to 2.0.0 ...

[ Read More ]

A look at the Puppet 4 Application Orchestration feature

R.I. Pienaar, 3 months | Source: R.I.Pienaar -

Puppet 4 got some new language constructs that let you model multi node applications and it assist with passing information between nodes for you. I recently wrote a open source orchestrator for this stuff which is part of my Choria suite, figured I’ll write up a bit about these multi node applications since they are now useable in open source.

The basic problem this feature solves is about passing details between modules. Lets say you have a LAMP stack, you’re going to have Web Apps that need access to a DB and that DB will have a IP ...

[ Read More ]

Deploy your #Puppet Enterprise license key with Puppet

rnelson0, 3 months | Source: RNELSON0

Since I manage my Puppet infrastructure with Puppet itself, I am for full automation. For Puppet Enterprise, that includes deploying the license key file from the puppet fileserver (profile/files/master/license.key served as puppet:///modules/profile/master/license.key). When upgrading to the latest Puppet Enterprise version, 2016.2.0, I encountered a change that was tricky to resolve – the puppet_enterprise::license class accepted […]

[ Read More ]

Fixing the mcollective deployment story

R.I. Pienaar, 3 months | Source: R.I.Pienaar -

Getting started with MCollective has always been an adventure, you have to learn a ton of new stuff like Middleware etc. And once you get that going the docs tend to present you with a vast array of options and choices including such arcane topics like which security plugin to use while the security model chosen is entirely unique to mcollective. To get a true feeling for the horror see the official deployment guide.

This is not really a pleasant experience and probably results in many insecure or half build deployments out there – and most people just not bothering. This ...

[ Read More ]

Upgrading to Puppet 4 at #PuppetConf 2016

rnelson0, 3 months | Source: RNELSON0

As I did last year, I submitted a proposal for PuppetConf 2016 and it was accepted! As I did last year, I am requesting your help with it. The talk,  Enjoying the Journey from Puppet 3.x to 4.x, will help attendees lay out a plan to get to Puppet 4. I will be sharing my […]

[ Read More ]

Interacting with the Puppet CA from Ruby

R.I. Pienaar, 3 months, 1 week | Source: R.I.Pienaar -

I recently ran into a known bug with the puppet certificate generate command that made it useless to me for creating user certificates.

So I had to do the CSR dance from Ruby myself to work around it, it’s quite simple actually but as with all things in OpenSSL it’s weird and wonderful.

Since the Puppet Agent is written in Ruby and it can do this it means there’s a HTTP API somewhere, these are documented reasonably well – see /puppet-ca/v1/certificate_request/ and /puppet-ca/v1/certificate/. Not covered is how to make the CSRs and such.

First ...

[ Read More ]

Ten minute hacks: Hacking airplane headphones

purpleidea, 3 months, 1 week | Source: The Technical Blog of James

I was stuck on a 14 hour flight last week, and to my disappointment, only one of the two headphone speakers were working. The plane’s media centre has an audio connector that looks like this:


Someone should consider probing this USB port.

The hole to the left is smaller than a 3.5mm headphone jack, and designed for a proprietary headphone connector that I didn’t have, and the two holes to the right are part of a different proprietary connector which match with the cheap airline headphones to provide the left and right audio channels.


Completely reversible, and ...

[ Read More ]