From GarrettHoneycutt

Revision as of 21:36, 12 July 2016 by Gh (Talk | contribs)
Jump to: navigation, search


Cheat Sheet

Removing certs during provisioning process

It is generally advantageous to remove a cert, if it exists, with the name of a system that you are provisioning. If not, then when you reinstall a system with the same name you would have to remove the old cert manually. This involves configuring auth.conf to allow for a HTTP request and the query itself.

Puppet 4

query to remove cert

curl -k -X DELETE -H "Accept :pson" https://${PUPPETCA}:8140/puppet-ca/v1/certificate_status/`hostname -f`


GeSHi Error: GeSHi could not find the language json (using path /sites/mediawiki-1.14.0/extensions/SyntaxHighlight_GeSHi/geshi/geshi/) (code 2)

You need to specify a language like this: <source lang="html4strict">...</source>

Supported languages for syntax highlighting:

4cs, abap, actionscript, actionscript3, ada, apache, applescript, apt_sources, asm, asp, autoconf, autohotkey, autoit, avisynth, awk, bash, basic4gl, bf, bibtex, blitzbasic, bnf, boo, c, c_mac, caddcl, cadlisp, cfdg, cfm, cil, clojure, cmake, cobol, cpp, cpp-qt, csharp, css, cuesheet, d, dcs, delphi, diff, div, dos, dot, ecmascript, eiffel, email, erlang, fo, fortran, freebasic, fsharp, gambas, gdb, genero, gettext, glsl, gml, gnuplot, groovy, haskell, hq9plus, html4strict, idl, ini, inno, intercal, io, j, java, java5, javascript, jquery, kixtart, klonec, klonecpp, latex, lisp, locobasic, logtalk, lolcode, lotusformulas, lotusscript, lscript, lsl2, lua, m68k, make, mapbasic, matlab, mirc, mmix, modula3, mpasm, mxml, mysql, newlisp, nsis, oberon2, objc, ocaml, ocaml-brief, oobas, oracle11, oracle8, oxygene, pascal, per, perl, perl6, pf, php, php-brief, pic16, pike, pixelbender, plsql, povray, powerbuilder, powershell, progress, prolog, properties, providex, purebasic, python, qbasic, rails, rebol, reg, robots, rsplus, ruby, sas, scala, scheme, scilab, sdlbasic, smalltalk, smarty, sql, systemverilog, tcl, teraterm, text, thinbasic, tsql, typoscript, vb, vbnet, verilog, vhdl, vim, visualfoxpro, visualprolog, whitespace, whois, winbatch, xml, xorg_conf, xpp, z80

Puppet 3

query to remove cert
curl -k -X DELETE -H "Accept :pson" https://${PUPPETCA}:8140/production/certificate_status/`hostname -f`


The important part are lines 51 - 57

  3 #
  4 #
  5 # The ACL are checked in order of appearance in this file.
  6 # #
  7 # # For details on auth.conf syntax see:
  8 # #
  9 # #
 10 # ### Authenticated ACL - those applies only when the client
 11 # ### has a valid certificate and is thus authenticated
 12 path ~ ^/catalog/([^/]+)$
 13 method find
 14 auth yes
 15 allow $1
 17 path ~ ^/node/([^/]+)$
 18 method find
 19 auth yes
 20 allow $1
 22 path  /certificate_revocation_list/ca
 23 method find
 24 auth yes
 25 allow *
 27 path  /report
 28 method save
 29 auth yes
 30 allow *
 32 path  /file
 33 auth yes
 34 allow *
 36 path  /certificate/ca
 37 method find
 38 auth any
 39 allow *
 41 path  /certificate/
 42 method find
 43 auth any
 44 allow *
 46 path  /certificate_request
 47 method find, save
 48 auth any
 49 allow *
 51 # Allows nodes to clean up certificates of any node. This is being triggered
 52 # at provisioning time in kickstart to remove the old certificate, since a new
 53 # one is generated when the system is provisioned.
 54 path /certificate_status/
 55 auth any
 56 method find, save, destroy
 57 allow *,pe-internal-dashboard
 59 path  /facts
 60 method find, search
 61 auth any
 62 allow *
 64 # allow all puppet systems to save facts
 65 path  /facts
 66 method save
 67 auth yes
 68 allow,,,,
 70 # allow anyone to see if a puppet master is alive.
 71 # used for load balancer health checks
 72 path /status/no_key
 73 method find
 74 auth any
 75 allow *
 78 path  /
 79 auth any

Spec tests

Spec tests are unit tests that allow you to test what should be present in the catalog.

Tim's tutorial -


Install Puppet

Install some other tools

sudo gem install -V puppet-lint puppetlabs_spec_helper rake rspec-puppet bundler librarian-puppet-simple --no-ri --no-rdoc


You must be in the directory of the module you are testing.

rake spec

SPEC_OPTS="--format documentation" bundle exec rake spec
This actually runs the equivalent of
rake spec_prep; rake spec_standalone; rake spec_clean
You can see these commands by typing
rake -T
If your tests need to download dependencies, you might want to use
rake spec_prep
once and then type
SPEC_OPTS="--format documentation" bundle exec rake spec_standalone
so you do not incur the cost of re-downloading stuff every time you want to run a test.

Dependencies / Fixtures

These should all be noted in your Modulefile and must be listed in .fixtures.yml. example


puppet-module-common has many different types of spec tests.

Example site manifest - site.pp

# Define filebucket 'main':
filebucket { 'main':
  server => '',
  path   => false,
# Ignoring version control artifacts
File {
  backup => 'main',
  ignore => [ '.svn',
              '.bzr' ],
if $::osfamily == 'Suse' and $::lsbmajdistrelease == '11' {
  Package {
    provider => 'zypper',
# include classes from hiera
node default {
  # look in fqdn level of hiera



Puppet Dashboard Pending Tasks

Background Tasks in the Dashboard shows a bunch of tasks. This will help resolve the issue and ensure your reports get inserted.


In the Puppet logs you will likely see errors with this in the string

2013-10-30T07:39:16+0100: [Worker(delayed_job.0 host:HOSTNAME pid:29076)] Report.create_from_yaml_file failed with ActiveRecord::StatementInvalid: Mysql::Error:


restart puppet-dashboard-workers

service puppet-dashboard-workers restart

Work the jobs manually. After doing this, reload the Dashboard in your web browser and you should notice that the number of background tasks is decrementing.

cd /usr/share/puppet-dashboard
rake RAILS_ENV=production jobs:work

If you hit a problem job, delete it from the spool. The filename will be the one from the logs that is having the issue inserting.

rm -f /usr/share/puppet-dashboard/spool/report-with-problem.yaml

You could clear all the jobs if you do not care about history

rake RAILS_ENV=production jobs:clear

Puppet Module Skeleton

A boilerplate is created when using puppet module generate that generates the necessary files to get started on your next module.



Create skeleton directory

SKELETON_DIR=`puppet config print module_skeleton_dir`
mkdir -p $SKELETON_DIR

Clone the repo

git clone $SKELETON_DIR

Remove the .git directory

rm -fr $SKELETON_DIR/.git


Just generate a module and it will use the skeleton.

puppet module generate forgename-foo