Jesse Reynolds jessereynolds

  • Puppet
  • Melbourne, Victoria, Australia
@jessereynolds
jessereynolds / puppet-enterprise-security-logging.md
Last active November 2, 2018 00:15
puppet enterprise security logging

Puppet Enterprise Security Event Logging

Recommended log files to relay to ArcSight using rsyslog:

  • /var/log/puppetlabs/nginx/access.log
  • /var/log/puppetlabs/console-services/console-services.log
  • /var/log/puppetlabs/puppetserver/puppetserver.log

Things we're interested in, by PE component:

@jessereynolds
jessereynolds / create_repo_on_tfs.rb
Last active May 17, 2019 13:22
TFS - create repo curl examples
#!/usr/bin/env ruby
require 'net/http'
require 'openssl'
require 'json'
# Create a new git repo on TFS (aka VSTS, aka Azure DevOps Server soon)
# This works with TFS 2017 (on prem). It differs from the official API documentation
# in that the string "repos/" is not present in the URLs.
#!/bin/ruby
# Attempt an empirical proof of my answer to the following homework question:
#
# Find the number of ways in which seven different toys can be given to three children,
# if the youngest is to receive three toys, and the others receive two toys each.
#
require 'set'
@jessereynolds
jessereynolds / docker_firewall_rules.pp
Created August 9, 2018 09:11
iptables firewall rules for docker using puppetlabs/docker module
# firewall rules - note that this is an approximation of the iptables rules docker
# will try and create for itself and will only support the simplest of docker network use cases
firewallchain { [
'DOCKER-ISOLATION-STAGE-1:filter:IPv4',
'DOCKER-ISOLATION-STAGE-2:filter:IPv4',
'DOCKER-USER:filter:IPv4',
'DOCKER:filter:IPv4',
'DOCKER:nat:IPv4',
]:
ensure => 'present',
@jessereynolds
jessereynolds / copy paste puppet code from pdf.txt
Created January 30, 2018 22:02
pitfalls of copypasta puppet code from exercises pdf
00000000 EF BF BC EF BF BC 63 6C 61 73 73 20 75 73 65 72 ......class user
00000010 73 20 7B 0A 20 20 75 73 65 72 20 7B 20 27 66 75 s {. user { 'fu
00000020 6E 64 61 6D 65 6E 74 61 6C 73 27 3A 0A 20 20 20 ndamentals':.
00000030 20 65 6E 73 75 72 65 20 20 3D 3E 20 70 72 65 73 ensure => pres
00000040 65 6E 74 2C 0A 20 20 7D 0A 7D ent,. }.}
00000050
00000060
@jessereynolds
jessereynolds / puppet-proxy-config.md
Last active June 21, 2021 11:29
Puppet Proxy Configuration

Puppet and Puppet Enterprise Proxy Configuration

There are a few places you can configure proxies with Puppet. This doc tries to list each place a proxy can be configured, and which components use each setting.

This is a work in progress and will no doubt change over time. Please add comments if you've got additional info, or found something incorrect.

Methods of Configuring Proxies

/etc/puppetlabs/puppet/puppet.conf

@jessereynolds
jessereynolds / gist:5082b82216989d9e0bba7c1ca1828963
Last active July 3, 2019 17:38
pe-orchestration-services sql ssl error after restore PE 2017.2.2

2017-07-06 13:02:36,858 ERROR [p.o.api] Failed to make a connection to the database
java.sql.SQLTransientConnectionException: Timeout waiting for the database pool to become ready.
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
        at clojure.lang.Reflector.invokeConstructor(Reflector.java:180)
@jessereynolds
jessereynolds / 0-puppet-node-purging-via-api.md
Last active March 21, 2022 09:42
Puppet - Node Purging via APIs

Puppet Node Purging via API

When you're decommissioning a machine that has been managed by Puppet you may want to programmatically clean up the node. There are two parts to this:

  • revoking and deleting the certificate of the node in Puppet's CA
  • deactivating the node in PuppetDB

The following should work for Puppet 4.x and Puppet DB 4.x (including Puppet Enterprise 2016.4.x, 2017.1.x, 2017.2.x).

I've used certificate-based auth, and the examples are run from the Puppet master, so they make use of existing certificates for authentication. When run remotely, the cacert, certificate and corresponding private key for authentication will need to be present.

@jessereynolds
jessereynolds / puppet_agent_install_wrapper.ps1
Last active April 20, 2017 06:02
powershell puppet agent install wrapper public
[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; $webClient = New-Object System.Net.WebClient; $webClient.DownloadFile('https://puppet:8140/packages/current/install.ps1', 'install.ps1'); .\install.ps1 @args
@jessereynolds
jessereynolds / azure_puppet_client.pp
Last active April 20, 2017 06:07
puppet azure windows profile including puppet agent installation from a PE master
class profile::azure_puppet_client (
Hash $machines, # will lookup profile::azure_puppet_client::machines hash from hiera
Hash $credentials, # will lookup profile::azure_puppet_client::credentials hash from hiera
) {
# packages required as dependencies of the ruby gems
$packages = ['gcc', 'gcc-c++', 'ruby-devel', 'zlib-devel',]
package {$packages:
ensure => present,
}