with the recent release of puppet 4.0, i think it's time we try and support this in our module.

maybe we could branch off, and only support puppet 4.0 / puppet server (#116).

The module doesn't work out of the box. It reports an error with the $storeconfigs variable as follows:

warning: You cannot collect without storeconfigs being set on line 152 in file /tmp/vagrant-puppet/modules-0/puppet/manifests/server.pp

warning: You cannot collect without storeconfigs being set on line 163 in file /tmp/vagrant-puppet/modules-0/puppet/manifests/server.pp

warning: You cannot collect without storeconfigs being set on line 173 in file /tmp/vagrant-puppet/modules-0/puppet/manifests/server.pp

warning: You cannot collect without storeconfigs being set on line 184 in file /tmp/vagrant-puppet/modules-0/puppet/manifests/server.pp

By default, $storeconfigs is undef, but setting the value to true or false seems to make no difference. The error remains the same during provisioning.

This somewhat duplicates the PR I submitted, but I wanted to track work, outstanding tasks, and resources of use toward adding puppetserver support.

Relevant Documentation

Known Issues
Puppet Server vs. Apache/Passenger Puppet Master
Puppet Server Configuration
Configuring The Webserver Service
Puppet Server and Gems
External CA configuration
External SSL termination

Known Challenges

• The /etc/puppetserver/bootstrap.cfg config file uses an odd syntax; stdlib file_line is probably an easier way to handle this than writing a new augeas lens.
• Gems in the new master are in a different place to isolate them; see Puppet Server and Gems for details. We may want to add a new package provider to wrap that command to allow us to manage gems in the new environment.
• The new master service takes longer to start, but the init scripts are non-blocking, so testing with beaker will require workarounds to watch log files or wait a fixed amount of time.

Features To-Do

• Determine expected paths on supported platforms for files that correspond to /etc/puppetserver/bootstrap.cfg, /etc/default/puppetserver, /etc/puppetserver/conf.d, etc.
• Add ability to configure puppetserver webserver
• CSR signing proxying
• Handle directory environments deprecation
• Manage static file serving via embededed webserver to serve puppet explorer
• Need to identify which puppet.conf features are not supported in puppetserver and handle those specially

What else? I'm adding this for discussion / tracking rather than trying to dictate how we handle puppetserver.

Based on issue #136 and @tampakrap's feedback on PR #140 we ought to fix Gentoo support rather than dropping it.

Gentoo Support To-Do List

• Add rspec-puppet test coverage given the facts that would be expected in a Gentoo environment
• Add a Gentoo beaker nodeset (what version(s) of Gentoo need coverage?)
• Run tests and fix the inevitable issues that are discovered
• Can we move gentoo_use and gentoo_keywords parameters from puppet::agent and puppet::server to puppet::params? I don't feel like we should have distro/OS specific parameters outside of params unless absolutely necessary. (but I don't understand what those parameters do, so that may be a bad idea)
• Add gentoo test coverage to the other puppet modules we depend on. This is a ton of work, but our ability to support a platform (and the troubleshooting effort involved in it) is massively higher when dependencies break

Anything else people can think of? I don't mean to be overly project-manager-y, just hoping that making a more specific list of tasks will make it easier to support the platform.

I'm creating this issue to track the tasks needed to make the puppet-puppet module install in a usable form from the forge, like people expect modules to work. I'm currently working on these and would appreciate feedback.

The key issues I'm currently aware of are:

• ploperations/unicorn depends on ploperations/rack but the latter is not on the forge at all. Fix pending in puppetlabs-operations/puppet-unicorn#14.
• manifests/server/thin.pp requires a thin::app class but the Modulefile doesn't document any dependencies. What module is this supposed to be coming from? I can't find one on the forge that matches the parameters this is passing.
• switch from ploperations/nginx to jfryman/nginx or publish a newer version of ploperations/nginx, because the released ploprations module doesn't seem to handle SSL correctly (I have a dev branch of the switch to jfryman/ngin working, just blocking on figuring out the thin module)

These extras would be nice but not absolutely essential:

• add documentation about (or fix) the need to generate SSL / CA certs manually before setting up a non-standalone CA via this module (Fix pending in PR #133)
• add metadata.json to clarify that RHEL/CentOS isn't really supported (for now) (Fix pending in PR #131)

Any other issues people are aware of that get in the way of doing a normal install? I don't mean this as an overall wishlist, just for stuff needed to do another forge release that works something like people reasonably expect it to out of the box.

We'd like to run puppet more often than once per hour.

Could we please reintroduce interval, or at least get a good reason why it was removed other than update cron interval

It would be cool to not have to specify this stuff in the module (or DB, or hiera, or whatever) if there's a more configurable/comprehensive method (i.e. DNS SRV) available...

i think we should make a release of 1.0.0

then we can branch off 2.0.x and start whacking away at #205 and #116.

This does not belong into this module.

It's something that belongs into a profile, but not here.

$puppet::agent::manage_repos currently is on for all distros by default. Since there are no puppetlabs provided repos for many of the supported distros, I would like to propose either of the followings:

1. Leave it on only for Debian/Ubuntu and Centos/Fedora/Red Hat
2. Default it to off

Let me know if any of the above solutions is acceptable and I'll work on the PR

Starting puppet 3.5.0, we can now use a single directive to configure a common pattern of modules and manifests in different environments: environmentpath

Experience shows that this setting should be in the [main] section, or else things start getting wonky.¹

When setting environmentpath, we have to neglect the modulepath and manifestpath settings.

It should not be within the scope of this new directive to extend to extend config_version_cmd.

An optional environment.conf is presumed to be provided by the user, via git.

The configuration of apt and yum PuppetLabs repos should be optional (enabled as class parameter and/or hiera). My situation is that we have a company mirror of PuppetLabs repos, and the servers are behind our proxy, so the module fails to install with:

Error: wget -q 'http://apt.puppetlabs.com/pubkey.gpg' -O- | apt-key add - returned 2 instead of one of [0]

How do the existing users of puppet-puppet feel about using future parser and structured facts? I'd like to use things like "$processors[count] + 2" but that requires facter 2 and enabling structured facts, which isn't the default.

@igalic in particular I want to make sure this wouldn't cause problems for you, since you've contributed significantly to this module.

from puppet::server

# FIXME
# http://projects.puppetlabs.com/issues/10590
# err: Could not retrieve catalog from remote server: Error 400 on SERVER: can't clone TrueClass
#
# Use a real boolean after hiera 1.0 is out

I guess that's pretty much the case now

Just ran into this - I updated my modulepath via hiera, re-ran puppet on the master, and the master service didn't refresh. Obviously this should be the case for other settings as well.

(I'm planning on fixing this, just wanted to track it in the meantime)

With the value of stringify_facts set to false, the option ends up empty but still placed in the configuration file. This keeps puppet from running on a few of my 3.6 systems.

Currently our tests fail because of the changes in puppetlabs/apt apt::source class. Two of our dependencies currently fail, one is ploperations/puppetlabs_apt and the other is jfryman/nginx. I will submit a PR for the first one. The nginx module is already fixed upstream, we are waiting for a forge release for it.

We really ought to be managing directory environments, since config file environments are quasi-deprecated.

$puppet::params::master_service = 'puppetmasterd' under the centos/rhel case; it should be 'puppetmaster'. I think very much older versions of the rpm installed the service as puppetmasterd, but this hasn't been the case for quite some time I think.

In an effort to make a more targeted approach to this module and its capabilities on the server, we have discussed internally about the possibility of removing the support for thin. I'd like to get some feedback from the user(s) of thin if this is something that would cause pain, or if unicorn/nginx is just as workable a solution for them. To do this, I'd like to put a notice in the module to ask those users to voice their support here.

If you have reached this issue and are in support of removing or keeping thin, please note that here.

we should

• get rid the dependencies we no longer use
• restrict the version requirements on the dependencies we do use.

Puppet Explorer and Puppet Board are under active development, whereas Puppet Dashboard is deprecated by Puppet Labs and gets relatively little maintenance.

How do other users/developers of puppet-puppet feel about removing dashboard support? I'd be open to removing entirely, switching to one of the other dashboards, or keeping it if there actually are active users.

The bug that e32f849 is solving is quite important to me, thus I hereby request a new patch release 0.13.1 of this module

The dashboard.pp says
Actions:
Install puppet-dashboard packages
Write the database.yml
Install the apache vhost
Installs logrotate

But only code applicable to nginx an unicorn can be seen

Just documenting to remember later - but graphite.rb should probably be modified to put all the metrics in an array - then open a socket and socket.puts for each item in the array, then close the socket. Right now opening/closing a socket for each metric value is not great.

Hi,

I am getting the following error:
"
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Class[Puppet::Agent] is already declared; cannot redeclare at /etc/puppet/modules/site/manifests/roles/puppet/master.pp:22 on node server3.site.com
"
My declaration is like this:
class site::roles::puppet::master {

anchor { '::site::roles::puppet::master': }

Class {
require => Anchor['::site::roles::puppet::master']
}

class { '::puppet::server':
modulepath => ['$confdir/modules'],
manifest => '/etc/puppet/manifests/site.pp',
servertype => 'passenger',
reports => 'puppetdb',
servername => $::fqdn,
config_version_cmd => false,
#monitor_server => false,
backup_server => false,
reporturl => '',
parser => 'future',
ca => true,
} ->
class { '::puppet::agent':
server => hiera('puppet_server'),
method => 'service',
manage_repos => false,
} ->
class { '::puppetdb': } ->
class { '::puppetdb::master::config': }
}

The puppet::agent class is only declared once on my code, so I think there must be any kind of dependence/internal declaration in the puppet::server class as If I delete the puppet::agent class and run the code I can see that It handles the puppet agent run on the cron, etc.

Any idea how to fix this

Thanks for your time

Best regards

PS: I am following this tutorial http://terrarum.net/administration/puppet-infrastructure.html

… or makes them really faster, depending on your pov…
it returns an empty catalogue (especially in directory environments) which we've switched on by default.

so, our defaults don't really match up.

I spoke with @actown and he said he's no longer using this module on Gentoo. We don't have test coverage for it, and it's not high on my list. My thinking is that it'd be better to remove probably-broken gentoo code than to let people waste time trying to make it work, until we get a maintainer who's interested in putting the time in to keep it updated.

When trying to include puppet::server with the following configuration:

puppet::server::servertype            : passenger
puppet::server::storeconfigs          : puppetdb
puppet::server::servername            : ppmaster.esat
puppet::storeconfig::puppetdb::server : ppmaster.esat

puppet::agent::server: ppmaster.esat
puppet::agent::manage_repos: false

and this code:

class roles::ppmaster inherits roles::server::internal {
  $role = 'puppetmaster'
  contain repos::config::phusion
  contain puppet::server
  contain puppetdb::server
  contain r10k

  Class[repos::config::phusion] -> Class[puppet::server]
}

We're getting the above error:

Error: Could not find dependency Package[puppetmaster] for File_line[/etc/default/puppetmaster START] at /etc/puppet/environment/production/modules/puppet/manifests/server/standalone.pp:23

The cause seems to be:

Warning: Scope(Class[Puppet::Package]): Could not look up qualified variable 'puppet::server::master'; class puppet::server has not been evaluated
Warning: Scope(Class[Puppet::Package]): Could not look up qualified variable 'puppet::server::master'; class puppet::server has not been evaluated

And if not, where should that support go to?
Into its own module?

The unicorn beaker tests fail with:

Error: /Stage[main]/Nginx::Service/Service[nginx]: Could not restart Service[nginx]: Execution of '/etc/init.d/nginx restart' returned 1: Restarting nginx: nginxnginx:
[emerg] BIO_new_file("/etc/nginx/puppetmaster.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/puppetmaster.crt','r') error:20
06D080:BIO routines:BIO_new_file:no such file)

I haven't investigated the cause yet, but figured I'd file an issue to track it. Since we don't have automated beaker test runs this sort of thing is expected.

I'm working on fixing this, but putting the issue up for the sake of anybody trying to use the module in the meantime.

On nginx and unicorn, the wrong headers are apparently getting set, resulting in SSL validation failing and a 403 permission error on all agent runs.

The reason is that jfryman/nginx defaults to adding a default location in a vhost, and that default location defaults to having three headers set that we also set explicitly later.

Hello,

I found this module and like it a lot better than the puppetlabs/puppet module. I've made several small changes and was wondering if you'd be interested in a pull request.

https://github.com/jtopjian/puppet-puppet

Since this is the -operations area of Puppet, I understand if these modules are more internally maintained than the puppetlabs modules.

Thanks,
Joe

This module should set up cron jobs to compress/delete old reports, because that's a problem common to nearly all puppet masters.

(I'm planning on adding this eventually, just want to add a note so I remember)

Definitely needed. Latest version on the forge uses ripienaar/concat which conflicts with modern modules use of puppetlabs/concat.

Thanks!

On systems where IPv6 sockets are V6ONLY by default the default 'bindaddress' used for the servertype => 'standalone' results in an unreachable master when IPv6 is not configured on the host or AAAA records are not configured for the name. It might be better to stick with the Puppet default of '0.0.0.0' to be less surprising and where needed this can be overridden to '::' when IPv6 is desired.