Dealing with secrets and sensitive data in Puppet is daunting, right? Nope, not at all. Let me show you how to do it. I've wrapped my head around the options available and want to share my journey in hopes of saving you from a few trials and tribulations. Just interested in the end result? Feel free to scroll down to the last section fittingly entitled The final product. Preface Puppet’s InfraCore team manages engineering's core infrastructure from hardware to the actual host configuration of running applications and services. The InfraCore team was already utilizing hiera-eyaml in their control repo when I joined them last April. That control repo is used by all of SRE at Puppet so this meant other teams could take advantage of having secrets, like passwords and AWS keys, versioned in git without fear of exposure to everyone with access to the repo. That's a big » Read more

 genebean        

This is a step-by-step walkthrough for dual booting a MacBook Pro (Mid-2015 aka MacBookPro11,5) that already has macOS High Sierra on it with Linux Mint. The hard drive is formatted APFS and has File Vault turned on. Before beginning I suggest reading this entire post to see how involved it is or, at a minimum, read the known issues at the bottom. Full Backup Any time you start messing with the partitions of existing drives its a good idea to have a full backup you can fall back on as its really easy to have your drive become unbootable. One way to do this is to use Carbon Copy Cloner. It'll take care of backing up all your files along with the special partitions needed to make things work including the recovery partition. Be sure to put the backup on an external hard drive. Formatting your external drive When » Read more

 genebean        

If you are not familiar with chocolatey, its an awesome package manager, like apt or yum, for Windows. You can also host your own internal chocolatey feed and there is even a Puppet module to build it for you. This can be especially useful for machines that cannot reach out to the internet to perform the installations. Chocolatey even provides a step-by-step guide on how to internalize packages, this can be a lot of manual steps from building packages, to getting them up to the Chocolatey server, keeping history, and maintaining when there are package updates. This is why I created a quick solution for maintaining your package history in Git and using GitLab CI to automate building and deploying packages to your internal Chocolatey server. This guide assumes you have an internal GitLab instance, an internal Chocolatey server, and a Windows based GitLab Runner with powershell execution. Documentation here » Read more

 Jake Spain        

Not long ago Puppet released version 5 to the open source world so, naturally, it was time to start updating all my projects to be compatible with it. The first stop along the way was at the house of Vagrant... only, there's a catch: it's been relocated. That's right, my Vagrant boxes got a shiny new home at app.vagrantup.com/genebean as part of some restructuring done by HashiCorp. After getting my new door key (aka account) I went next door to visit my friend Packer. I hung out in his workshop massaging my templates with the goal of updating and simplifying the boxes I build. The end result included combining all the versions of RVM into a single build and creating a new box for Puppet 5. Now, if you've ever hung around Mr. Packer for any length of time then you know he loves to create multiple » Read more

 genebean        

This is a quick post about how to add validation of your Puppetfile, primarily if you are using the control-repo and r10k for deploying Puppet environments. This came about because I found myself entering incorrect syntax into this file on more than a one occasion. Additionally, there are no indications of any problem, even when importing environments in Foreman, so the only way to find out is by manually running r10k from the command line on the Puppet Server. This assumes you are familiar with and already have puppet-rspec testing setup. If not, please see Unit testing with rspec-puppet — for beginners to get started. Here are the steps to get the validation going: Add gem 'r10k', '>= 2.5.5' to your Gemfile. Note: I had to use version 2.5.5 or else I would encounter Issue #659 when running the tests in Travis CI or GitLab CI, » Read more

 Jake Spain