Thomas Kishel tkishel

## puppet_env.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                tkishel
                / puppet_env.md
            
            
              Created
              August 18, 2017 16:28
            
              
                Puppet ENV Inspection
              
          
    # The env of the daemonized puppet as per /proc/pid/environ:
cat /proc/$(cat /var/run/puppetlabs/agent.pid)/environ

LANG=en_US.UTF-8PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin

Given this manifest ....


## reuse_forgotten_replica.sh
#!/bin/bash

# The Puppet Enterprise High Availability documentation states:
#
#   Run the forget command whenever a replica node is destroyed,
#   even if you plan to replace it with a replica with the same name.
#
# Some users prefer to forget and reuse (instead of destroy and replace) a replica.
# As an alternative, when `/opt/puppetlabs/bin/puppet-enterprise-uninstaller` isn't available,
# this script uninstalls Puppet Enterprise on the Replica.

## https_file.pp
# PUP-7814: HTTPS file sources with non-puppet-trusted certs cannot be used

# TODO: Rewrite to accept and pass other File resource attributes to the resulting file.
# TODO: Identify a dependable alternative to grep on Windows.

define https_file (
  String                $cert,
  String                $path    = $name,
  String                $temp    = "${path}.download",
  Pattern[/^https/]     $source,

## device_test.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              0 stars
            
          
                tkishel
                / device_test.md
            
            
              Last active
              May 7, 2020 16:45
            
          
    Configure Master

# cat site.pp
node 'pe-201810-master.puppetdebug.vlan' {
  include resource_api::server
}

node 'pe-201810-agent.puppetdebug.vlan' {
  include resource_api::agent


## agent_reset.ps1
$puppet_service   = GWMI Win32_service | Where Name -eq 'puppet' | Select Name,ProcessId,State,Status
$pxpagent_service = GWMI Win32_service | Where Name -eq 'pxp-agent' | Select Name,ProcessId,State,Status
$puppet_process   = Get-Process | Where Name -eq 'puppet' | Select Id
$pxpagent_process = Get-Process | Where Name -eq 'pxp-agent' | Select Id

Write-Host Puppet Service $puppet_service
Write-Host PXP-Agent Service $pxpagent_service

if (($pxpagent_service.State -NotLike 'Running') -or ($pxpagent_service.Status -NotLike 'OK')) {
  Write-Host

## agent_not_reporting.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                tkishel
                / agent_not_reporting.md
            
            
              Last active
              March 25, 2020 23:43
            
              
                Decision Tree: Agent Not Reporting in the Console
              
          
    Decision Tree: Agent Not Reporting in Console on Master


Verify the server setting in puppet.conf on the Agent is set to the Master (or the Load Balancer of the Master).


Verify that the Puppet Agent service is running on the Agent.

If it not running, review the Application and System logs.

If you find a correlated "Puppet Agent service entered the stopped state" event ...

A process or a user explicitly stopped the service.

Look for the process or user that stopped the service.


If you find a correlated "Puppet Agent service terminated unexpectedly" event ...


## prune_puppetdb_stockpile_queue.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                tkishel
                / prune_puppetdb_stockpile_queue.md
            
            
              Created
              July 17, 2019 16:42
            
              
                Prune PuppetDB Stockpile Queue
              
          
    PuppetDB only stores one catalog and factset per node (but n number of reports), so deleting older catalog and fact queue files older than an hour (given runinterval=30) could allow PuppetDB to catch up on the queue, and would not have an impact on the data in PostgreSQL. To delete older catalogs and factsets (that would have been replaced by newer catalogs and factsets) from the PuppetDB queue:
find /opt/puppetlabs/server/data/puppetdb/stockpile/cmd/q -name "*_catalog_9_*.json.gz" -mmin +60 -delete
find /opt/puppetlabs/server/data/puppetdb/stockpile/cmd/q -name "*_facts_5_*.json.gz" -mmin +60 -delete


## cert_error.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                tkishel
                / cert_error.md
            
            
              Created
              July 18, 2019 22:11
            
          
    Decision Tree: Certificate Error


Verify the server setting in puppet.conf on the Agent is set to the Master (or the Load Balancer of the Master).


Note the datetime stamp of the files in puppet/ssl on the Agent


Review the Application and System logs.

Look for the start time of the last run, and for errors before and during that run for a root cause.


Execute puppet agent -t as root on Linux or an Administrator on Windows.

No Certificate?


Execute puppet cert list or puppetserver ca list on the Master


## pes_tune_current.rb
#!/usr/bin/env ruby

# Change into the Support Script output directory, and execute this script.
# Or, pass the directory as the parameter.

require 'json'

# Convert JAVA_ARGS string to a Hash.

def java_args_to_hash(s)

## puppet_until_idempotent.sh
#!/bin/bash

[ "$PT_noop" = "true" ] && NOOP_FLAG="--noop" || unset NOOP_FLAG

puppet_command="/opt/puppetlabs/bin/puppet agent --onetime --verbose --no-daemonize --no-splay --no-usecacheonfailure --no-use_cached_catalog $NOOP_FLAG"

# Sometimes it takes more than one run ...
# Retries until idempotent or error.
#
# Waits for up to five minutes for an in-progress puppet run to complete.
	#!/bin/bash

	# The Puppet Enterprise High Availability documentation states:
	#
	# Run the forget command whenever a replica node is destroyed,
	# even if you plan to replace it with a replica with the same name.
	#
	# Some users prefer to forget and reuse (instead of destroy and replace) a replica.
	# As an alternative, when `/opt/puppetlabs/bin/puppet-enterprise-uninstaller` isn't available,
	# this script uninstalls Puppet Enterprise on the Replica.
	# PUP-7814: HTTPS file sources with non-puppet-trusted certs cannot be used

	# TODO: Rewrite to accept and pass other File resource attributes to the resulting file.
	# TODO: Identify a dependable alternative to grep on Windows.

	define https_file (
	String $cert,
	String $path = $name,
	String $temp = "${path}.download",
	Pattern[/^https/] $source,
	$puppet_service = GWMI Win32_service \| Where Name -eq 'puppet' \| Select Name,ProcessId,State,Status
	$pxpagent_service = GWMI Win32_service \| Where Name -eq 'pxp-agent' \| Select Name,ProcessId,State,Status
	$puppet_process = Get-Process \| Where Name -eq 'puppet' \| Select Id
	$pxpagent_process = Get-Process \| Where Name -eq 'pxp-agent' \| Select Id

	Write-Host Puppet Service $puppet_service
	Write-Host PXP-Agent Service $pxpagent_service

	if (($pxpagent_service.State -NotLike 'Running') -or ($pxpagent_service.Status -NotLike 'OK')) {
	Write-Host
	#!/usr/bin/env ruby

	# Change into the Support Script output directory, and execute this script.
	# Or, pass the directory as the parameter.

	require 'json'

	# Convert JAVA_ARGS string to a Hash.

	def java_args_to_hash(s)
	#!/bin/bash

	[ "$PT_noop" = "true" ] && NOOP_FLAG="--noop" \|\| unset NOOP_FLAG

	puppet_command="/opt/puppetlabs/bin/puppet agent --onetime --verbose --no-daemonize --no-splay --no-usecacheonfailure --no-use_cached_catalog $NOOP_FLAG"

	# Sometimes it takes more than one run ...
	# Retries until idempotent or error.
	#
	# Waits for up to five minutes for an in-progress puppet run to complete.