
Chad Huneycutt chadh

[.../mymodule/] $ docker run -it -v"${PWD}":/src --entrypoint= --rm puppet/pdk sh -c "cd /src; pdk validate"
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
pdk (INFO): Using Ruby 2.5.9
pdk (INFO): Using Puppet 6.27.0
pdk (INFO): Running all available validators...
[✖] Installing missing Gemfile dependencies.
pdk (FATAL): Fetching gem metadata from https://rubygems.org/.......
Using rake 13.0.6
Using CFPropertyList 2.3.6
Using public_suffix 4.0.7
#!/usr/bin/env bash
set -euo pipefail
PUPPET_CRL=$(/opt/puppetlabs/bin/puppet config print hostcrl)
PUPPET_CRL_DIR=$(dirname "$PUPPET_CRL")
PUPPET_CA_CRL=$(/opt/puppetlabs/bin/puppet config print cacrl)
PUPPET_CA_CRL_DIR=$(dirname "$PUPPET_CA_CRL")
if [[ -d $PUPPET_CA_CRL_DIR ]]; then
SERVER="yes"
@chadh
chadh / dev_stack
Last active August 12, 2020 12:29
test.php output
ubuntu@ip-10-206-9-109:~/mandrill/backend$ ./test.php
................................................................................................................................................................F...............................................................................................................................................................................................................................................F...............................F...........................................................................................................................................................
---------------------------------------------------------
588 tests run in 847 seconds with 3 failures
:
exception 'Exception' with message 'assertion failed' in /mnt/home-ubuntu/mandrill/backend/test.php:159
Stack trace:
#0 [internal function]: run_test_assertcall('/mnt/home-ubunt...', 91, '')
#!/bin/bash
#
# Script to purge /etc/cron.d of stale cron::entry resources.
#
# cron::entry resource filenames begin with "pup_".
#
# shellcheck disable=SC1091
export PATH="/opt/puppetlabs/bin:${PATH}:/usr/local/bin"
#!/usr/bin/env bash
#
# Puppet Server Intermediate CA Certificate Generation
#
# USAGE:
# certgen.sh -C <ca arn> -R <CA AWS region> -n <host name> -r <instance AWS region> -s <stack> -o <output file>
#
# -C, --ca_arn: AWS CA arn
# -R, --ca_region: Region of AWS CA
# -n, --name: name of instance (e.g. "puppet-1")
$top = [
{"certname"=>"lb005.lab1.ca1.foo.co", "name"=>"canary_environment", "value"=>"lab1-W-12345"},
{"certname"=>"lb004.lab1.ca1.foo.co", "name"=>"canary_environment", "value"=>"lab1-W-92345"},
]
$bottom = $top.reduce([]) | $memo, $h | {
$memo + [{ $h['certname'] => $h['value'] }]
}
notify { "$bottom": }
#!/usr/bin/env bash
set -euo pipefail
ROOT_CRL_S3=<ROOT CRL>
CA_HASH=<CA HASH>
PUPPET_CRL=$(/opt/puppetlabs/bin/puppet config print hostcrl)
PUPPET_CRL_DIR=$(dirname "$PUPPET_CRL")
PUPPET_CA_CRL=$(/opt/puppetlabs/bin/puppet config print cacrl)
PUPPET_CA_CRL_DIR=$(dirname "$PUPPET_CA_CRL")
@chadh
chadh / README.md
Last active December 13, 2021 15:21
Puppet Server with AWS Certificate Manager as External Root CA

Here is the set of steps I ultimately came up with when trying to set up Puppet 6 servers in AWS using an ACM private CA for the Root.

  1. Create Private CA in AWS Certificate Manager

    • Type: Root
    • Common Name: domain.int (whatever you want)
    • Key Algorithm: RSA 2048
    • provide S3 Bucket for storing CRL
  2. Generate Private Key and CSR for each Puppet Server’s Intermediate CA certificate:

    • configuration for openssl command (certreq.cnf):
@chadh
chadh / README.md
Created October 11, 2019 14:40
simple bolt plugin for retrieving inventory from our in-house system DCM
  1. I already had a module with some functions and stuff for our in-house app, DCM, so I just reused that module for this purpose. You could also just make a new, blank module. It should have a bolt_plugin.json file in it to indicate to bolt that the module has a plugin(s)
  2. Create a task to do your lookup. The easiest way is to name it resolve_reference, since that is the name of the hook, and bolt will automatically use it. I used bash, but this is just a regular task, so you can use whatever language you want. My example has a single parameter query that I pull off of stdin with jq. The output is a hash with a single key value, and the value for that key is the data that should go in the inventory file.
  3. Add your module to the Puppetfile in your bolt control repo and bolt puppetfile install
  4. Edit your inventory.yaml

I know those are rough instructions, but they should get you started.

@chadh
chadh / bolt_plugin.json
Created October 9, 2019 04:16
bolt dcm inventory plugin
{
"config": {
"mirror": {
"type": "String"
}
}
}