Planet Puppet

Your source of Puppet technical information

Puppet integration tests in (about) seven minutes

Dean Wilson (, 1 day, 2 hours | Source: Dean Wilson@UnixDaemon

While puppet-lint and rspec-puppet (thanks to Tim Sharpe) will help ensure your Puppet code is both clean and produces what you’d expect in the compiled catalog there are times when you’ll want to go further than unit testing with rspec-puppet and do some basic integration tests to ensure the system ends up in the desired state. In this post, with the assumption that you have Docker installed, I’ll show a simple way to run basic integration tests against a Puppet module. Hopefully in about seven minutes.

In order to collect all the shinies we’ll use Docker ...

[ Read More ]

What is a backdoor?

rnelson0, 2 days, 23 hours | Source: RNELSON0

Last month, a significant finding in Fortinet devices was discovered and published. When I say significant, I mean, it’s huge – Multiple Products SSH Undocumented Login Vulnerability. In other words, there’s a username/password combination that works on all devices running the affected firmware versions. If you are still running an affected version, you NEED to upgrade […]

[ Read More ]

Managing Kubernetes with Puppet at the London Kubernetes Meetup

Gareth Rushgrove, 4 days, 8 hours | Source: Puppet Labs

Get the slides from Gareth Rushgrove's presentation at the recent London Kubernetes Meetup.

[ Read More ]

DSC deep dive: get up and running with the DSC module

Spencer Seebald, 5 days, 20 hours | Source: Puppet Labs

Puppet and DSC seem similar on the surface — after all, they are both declarative and use a similar syntax. But the differences make them extremely powerful and complementary when used together.

[ Read More ]

Puppet 4 data lookup strategies

R.I. Pienaar, 6 days, 14 hours | Source: R.I.Pienaar -

I recently wrote about the new Data in Modules support in Puppet 4, there’s another new feature that goes hand in hand with this to finally rid us of functions like hiera_hash() and such.

Up to now we’ve had to do something ugly like this to handle merged class parameters:

class users($local = hiera_hash("users::local", {}) {

This is functional but quite ugly and ties your module to having hiera. While these days it’s a reasonably safe assumption but with the ability to specify different environment data sources this will not always be the case. For example there ...

[ Read More ]

Puppet-lint world writable files check

Dean Wilson (, 6 days, 17 hours | Source: Dean Wilson@UnixDaemon

On a *nix system a world writable file is one that anyone can write to. This is often undesirable, especially in production, where who can write to certain files should be limited and enabled with deliberation, not by accident. Ideally you should not be deploying files with those permissions, especially not across all your machines using puppet and so I wrote this plugin to provide a small safety net.

    class locked_down_file {
      file { '/tmp/open_octal':
        ensure => 'file',
        mode   => '0666',

files should not be created with world writable permissions

The world_writable_files puppet-lint check is one possible solution to this. Once installed it ...

[ Read More ]

Making life with Puppet and AWS (or other cloud services) easier

Chris Barker, 1 week | Source: Puppet Labs

I’m pleased to share with all of you our new white paper, AWS Node Lifecycle Management with Puppet. This white paper is an encapsulation of best practices using new capabilities we’ve added to Puppet over the last two years that make working with AWS or any cloud platform much easier. In it, we cover the latest technologies we’ve introduced and examples you can adapt to your own organization’s environment.

[ Read More ]

Yumrepo gpgcheck puppet-lint check

Dean Wilson (, 1 week | Source: Dean Wilson@UnixDaemon

The most recent in my recent series of puppet-lint plugins, the yumrepo gpgcheck enabled check, will mostly be of interest to security conscious Linux users who use a yum or dnf based package manager. In this case we’re checking the gpgcheck attribute, which indicates if yum should perform a GPG signature check on packages. Having this disabled means you’ll accept any packages from your configured repo, not just those signed by the packagers. While it’s often more work to sign your own packages you should at the very least enable it for all upstream yum repositories.

The ...

[ Read More ]

Getting started with policy-driven development and DevSecOps

Carl Caum, 1 week, 1 day | Source: Puppet Labs

Learn how Puppet can help you define, deploy, test and enforce security and compliance policies.

[ Read More ]

No cron resources - customisable puppet-lint check

Dean Wilson (, 1 week, 1 day | Source: Dean Wilson@UnixDaemon

Sometimes there are certain puppet resource types that you don’t want to include in your code base. In my case it was cron but in yours it could be the more line originated augeas or the horribly named computer. The no cron resources check puppet-lint check will display a warning each time it finds a resource of that type in your manifests.

    class cron_resource {
      cron { 'logrotate':
        command => '/usr/sbin/logrotate',
        user    => root,
        hour    => 2,
        minute  => 0,

    # and the lint check will show:
    # 'cron resources should not be used'

While installing the plugin is done in the usual way -

    # add ...

[ Read More ]

Puppet 4 Lessons Learned

rnelson0, 2 weeks, 5 days | Source: RNELSON0

I’ve been working recently on migrating to Puppet 4. All the modules I maintain have supported it for a little bit but my master and controlrepo were still on Puppet 3. I slowly hacked at this over the past month and a half when time presented itself and I learned a few things. This post […]

[ Read More ]

Next generation configuration mgmt

purpleidea, 3 weeks, 1 day | Source: The Technical Blog of James

It’s no secret to the readers of this blog that I’ve been active in the configuration management space for some time. I owe most of my knowledge to what I’ve learned while working with Puppet and from other hackers working in and around various other communities.

I’ve published, a number, of articles, in an, attempt, to push, the field, forwards, and to, share the, knowledge, that I’ve, learned, with others. I’ve spent many nights thinking about these problems, but it is not without some chagrin that I realized that the current state-of-the-art in configuration ...

[ Read More ]

Upcoming speaking

purpleidea, 3 weeks, 1 day | Source: The Technical Blog of James

I’ve got a few upcoming speaking engagements. If you’ll be attending one of these events, come see me or any of the other excellent speakers!

Please remember to check the official schedules in case there are any changes!

I’ll be speaking at the Brussels CentOS Dojo:

Automated Infrastructure Testing with Oh-My-Vagrant
…and the CentOS CI

Time/date unconfirmed: I’ll be showing some CI tricks, and showing you how the CentOS CI is the perfect CI for multi-machine test environments.


I’ll be speaking at FOSDEM:

TL;DR on legal strategy for commercial ventures
An abridged review ...

[ Read More ]

Native Puppet 4 Data in Modules

R.I. Pienaar, 1 month | Source: R.I.Pienaar -

Back in August 2012 I requested an enhancement to the general data landscape of Puppet and a natural progression on the design of Hiera to enable it to be used in modules that are shared outside of your own environments. I called this Data in Modules. There was lots of community interest in this but not much movement, eventually I made a working POC that I released in December 2013.

The basic idea around the feature is that we want to be able to use Hiera to model internal data found in modules as well as site specific data and ...

[ Read More ]

Puppet 4 - Examples - EPP Templates

Anonymous, 1 month, 3 weeks | Source: Example 42

Puppet 4 has some new functionality. Within the next few blog posts I will give some examples on how to use the new functionality. The first post covered the new Data Type system. The second post covered the new function API. This third post covers the new EPP template engine and the HEREDOC implementation. In Puppet 3 all templates were written as ERB (embedded Ruby) templates. All variables in ERB templates have either been looked up dynamically, or one needed to specify the scope for variable lookup. In Puppet 4 a new template engine was introduced: EPP (embedded Puppet). Within ...

[ Read More ]

Iterating in Puppet

R.I. Pienaar, 1 month, 3 weeks | Source: R.I.Pienaar -

Iteration in Puppet has been a long standing pain point, Puppet 4 address this by adding blocks, loops etc. Here I capture the various approaches to working with some complex data in Puppet before and after Puppet 4

To demonstrate this I’ll take some data from a previous blog post and see how to deal with it, here’s the data that will be in $domains in the examples blow:

    "": {
      "nexthop": "70.x.x.x",
      "spamdestination": "",
      "spamthreshold": 1500,
      "enable_antispam": 1
    "": {
      "nexthop": "70.x.x.x",
      "spamdestination": "",
      "spamthreshold": 1500 ...

[ Read More ]

Kickstart your CentOS Template, EL7 Edition

rnelson0, 2 months, 1 week | Source: RNELSON0

I wrote an article on kickstarting your CentOS Template in early 2014 that focused on Enterprise Linux 6. Later in the year, RHEL7 was announced and CentOS 7 soon followed. It’s well past time to refresh the kickstart article. To keep this more of a “moving target”, I’ve created a github repo to host the […]

[ Read More ]

Minecraft module for Puppet

rnelson0, 2 months, 1 week | Source: RNELSON0

At PuppetConf, I had the pleasure of meeting Bren Briggs, who I knew from twitter and IRC, so I was pretty happy when he asked me if I wanted to work on a Minecraft module with him. Of course we’re busy with life and work and the holidays, so we haven’t started yet, but we’re […]

[ Read More ]

example42 @ #cfgmgmtcamp

Anonymous, 2 months, 2 weeks | Source: Example 42

The Config Management Camp has quickly become a conference of reference for who works around it automation and systems management. Ansible, CFEngine, Chef, Foreman, Juju, Puppet, Salt… communities reunite, share, discuss and confront tools, methodologies, approaches and evolution of configuration management. The next edition is the 1st and 2nd of February 2016, in Gent, Belgium, right after, and near, the Fosdem days. Registration is open, the event is free and tickets are quickly going away (book only if you really plan to come, there’ll be people in waitlist). Example42 is a proud sponsor of such a wonderful event. We ...

[ Read More ]

Tiny Puppet 1.0

Anonymous, 2 months, 3 weeks | Source: Example 42

So Tiny Puppet 1.0 is out with a dedicated website and some collateral repos: The tinydata module, where is defined all the application data used by tp defines. The Tiny Puppet Playground, a Vagrant environment where to play and experiment with tp The derived tp-acceptance Vagrant environment, where tests are done and summarized in this compatibility matrix Tiny Puppet [install|conf|dir|test|...] defines work only with Puppet 4, for older versions use the alternatives with 3 suffix. For example: tp::install # Optimized for Puppet 4 or Puppet 3 with future parser enabled tp::install3 # Backwards compatible versions. Work ...

[ Read More ]