This article shows you how to convert a hash into JSON in Puppet using a simple ERB template that gets its data from Hiera. Suppose you have this data in Hiera: Converting a hash into a JSON file on the target node is surprisingly easy. First look up the data: Then create a simple ERB […]
Puppet Development Kit is probably the best thing since sliced bread if you work a lot with Puppet. It makes adding basic validation and unit tests trivial with help from rspec-puppet. It also makes it very easy to build module packages for the Puppet Forge. That said, there is a minor annoyance with it: whenever […]
Every now and then a need to use the content of a file as a variable on an agent node arises. Here's one way to do it with the help of a custom fact. First create a custom fact on the puppet server: You can confine this to restrict it to be available only on […]
While rspec-puppet documentation is quite decent, it does not really explain how to test classes that get their parameters via Hiera lookups, such as profiles in the roles and profiles pattern. Several parameters related to Hiera are listed in the rspec-puppet configuration reference, but that's all. The other documentation you find on the Internet is […]
The traditional way of managing systems with Puppet is to install Puppet agent on the nodes being managed and point those agents to a Puppet server (more details here). This approach works well for environments with tens or hundreds of nodes, but is an overkill for small environments with just a handful of nodes. Fortunately […]
Puppet feature environments are an excellent way to test code before deploying it, typically to production. They allow testing Puppet runs on no-operation mode across the whole node population managed by Puppet. There are sometimes cases where your code changes potentially impact many nodes and you're not exactly sure of their scope or effect. In […]
Our Puppet-server installer product is now available free of charge in AWS Marketplace and Azure Marketplace! 'Configuration Manager' is a cloud image with an easy-to-use Puppet server installer. It supports installation of PuppetDB and Puppetboard as well. The source code can be retrieved from GitHub. Check out details at our product page.
When working with Puppet and Puppet modules in particular you quickly notice that there are several ways to manage module dependencies. Today I learned about a new way introduced in Puppet Bolt 3.x, so I thought I'd compile a list that celebrates this diversity: metadata.json: used primarily to dependency metadata to Puppet Forge. Some tools […]
Puppet Litmus is a Puppet acceptance test harness that leverages on many existing, proven technologies. In the long run Litmus aims to replace Beaker. However, the latter is currently still the only way to run multi-machine (e.g. cluster) acceptance tests in a standardized way. For example we use Beaker for our Keycloak domain mode cluster […]
If you’re at all like me, you every now and then find yourself thrown out of your comfort zone, when you should actually be in it. The pattern usually goes something like this: It’s something simple. I’ll fix it in a couple of minutes and document it for others. I know my stuff. Hmm, this […]
Some Puppet modules like puppet-module-keycloak have hundreds of unit tests. That is good for test coverage, but waiting for test results hurts your productivity when you're developing tests for your new code. There are at least two ways to (temporarily) limit the scope of the tests that you run. First method is baked in into […]
I recently had to add access control rules to OpenVPN Access Server to permit certain groups to access certain IP addresses. As we manage our Access Server configurations with Puppet using puppet-openvpnas (by the author), we needed a way to parameterize the allowed IP addresses while keeping the Puppet code readable. This is where puppet-dnsquery […]
The main annoyance with agent-based configuration management is the management of the agents themselves. They usually don't require any handholding after the initial install, except when you need to migrate them to a new environment. For example, migrate from a Puppet 5-based server to Puppet 6. The migration process is not overly difficult, but in […]
Writing static facts is fairly easy even with a low level of Ruby skills. Below is an example of a fact that returns true or false depending on whether the node has a /boot partition: As you can see above the required information was already inside the "mountpoints" fact of Facter. Using the fact is […]
Here's the next episode in our Duplo visualization series, have a look! This time we put Puppet agents to work. Featuring: Puppet agents will retrieve their desired state definition (catalog) from Puppet master for the Puppet environment they're in. Puppet agent reads the catalog: Puppet agent compares the current state to the catalog and notices […]
Separating data from code in Puppet modules is advisable as it improves reusability of code. The separation can be accomplished with Hiera by having separate levels based on facts, organizational units, locations, etc. Hiera can also be used for storing private data that needs to be protected and must not be readable by outsiders. Typically […]
If the workflow that includes the control repository, r10k and GitLab still feels too light, there are yet more ways to make the workflow heavier by adding more abstraction to the Puppet modules themselves. This is done by adopting the "Roles and Profiles pattern" that was developed by Craig Dunn and popularized in the blog […]
We've been having DIY visualization sessions on Puppet and sysadmin related topics and we wanted to share some of them with you. We had a lot of fun doing this, hope you'll enjoy this even a bit as much as we did! Let me introduce the characters involved in the first chapter: R10k is started […]
NOTE: this article is somewhat outdated. Please refer to Serverless Puppet with control repo, Hiera, roles and profiles and Puppet Bolt instead. Puppet Bolt is a designed to be an orchestration tool, but it can be used for configuration management as well. For example you may have a small environment of handful of nodes where […]
A recent package upgrade seemed to break Puppet syntax highlighting horribly on my Fedora 32 laptop. Not only did syntax highlighting not work, it was actually completely wrong and confusing. It seemed as if the Puppet file type detection was missing, so vim was probably using some a syntax highlighter for a wrong type. To […]