Hue Load Balancer TLS Errors

This is a reblog from the Clairvoyant blog.

If you are configuring the Hue load balancer with Apache httpd 2.4 and TLS certificates, there is a chance that you may end up with errors. The httpd proxy will check the certificates of the target systems and if they do not pass some basic consistency checks, the proxied connection fails.

Read more of my post on the Clairvoyant blog.

puppet snmp module 3.8.1

Recently, I have delivered several long-awaited releases of my Net-SNMP to the Puppet Forge. Included are numerous fixes from community members:

  • Change so that service_config_perms parameter, network, and community can be arrays. (Jordan Wesolowski)
  • Add OpenBSD to the supported operating systems, similar to FreeBSD support. (Sebastian Reitenbach)
  • Update README.markdown. (Rémy Garrigue)
  • Create Parameters for template files. (Alexander Schaber)
  • Add support for the Dell OpenManage StorageServices smux OID. (Davide Ferrari)
  • Enable service_config_dir_group class parameter. (Andreas de Pretis)
  • Fix strict variables for defaults in params.pp. (coreone)
  • Add master and agentx options to snmpd.conf.erb. (coreone)
  • Update requirements for the snmp::client class. (Michael Watters)
  • Ensure that /etc/snmp directory exists on RedHat platforms. (Michael Watters)
  • Fix snmptrapd community string configuration. (Doug Schaapveld)

Additionally, there were some other changes:

  • Fix incorrect file mode for snmpd.conf/snmptrapd.conf.
  • Pin gems to specific Ruby versions in order to fix the breakage of Ruby 1.8, 1.9, and 2.x.
  • Update instructions in
  • Add deprecation warning for drop of Puppet 2.7 support.

Let me know if you have any feedback!

puppet snmp module 3.5.0

Today, I have released a minor update to my Puppet module for Net-SNMP to the Puppet Forge. Included are some fixes from community members:

  • Add the ability pass multiple networks for the community string (Rodrigo Menezes). This now allows for more than one rocommunity line in the config.
  • Quote snmpv3 passphrases to cope with weird characters and spaces (Peter Keel)

Let me know if you have any feedback!

puppet network module 3.6.0

Today, I have released a minor update to my Red Hat network Puppet module to the Puppet Forge.  Numerous pull requests were merged including:

  • Installation of the bridge-utils package if bridging is used. (Daniel Werdermann)
  • Added the SCOPE parameter to network::if::static and network::bridge::static. (flipkick)
  • Added peerdns and check_link_down parameters for dynamic interfaces. (Elyse Salberg)
  • Added logic for blank ipaddress, network, gateway to remove extra entries from ifcfg file. (Elyse Salberg)
  • Minor lint and comments cleanup. (Elyse Salberg)
  • Added logic to remove empty HWADDR entry from ifcfg file for blank macaddress (network::bond::dynamic, network::bond::static). (Elyse Salberg)

Let me know if you have any feedback!

Puppet modules and git master branch

The events in this post happened 5+ months prior to the posting date. I have been a bit behind on things, but wanted to get this out there.


Here I am minding my own business, testing my modules on Travis-CI and I start to get failures in the rspec tests.  I only updated the Geppetto .project file, how is my CI now failing?

  1) vmwaretools on a supported osfamily, vmware platform, default parameters for osfamily Debian and operatingsystem Ubuntu should contain Class[vmwaretools::repo] with before => ["Package[vmware-tools-esx-nox]", "Package[vmware-tools-esx-kmods-3.8.0-29-generic]"]
     Failure/Error: )}
       Syntax error at '{'; expected '}' at /home/travis/build/razorsedge/puppet-vmwaretools/spec/fixtures/modules/apt/manifests/init.pp:18 on node
     # ./spec/classes/vmwaretools_init_spec.rb:159

It turns out that puppetlabs/apt has a syntax error in init.pp.  But why am I testing against a non-released (to the Forge) version of the APT module? I won’t ask how a syntax error even got committed.

The same goes for puppetlabs/concat:

  27) cloudera::cm5::server on a supported operatingsystem, custom parameters, db_type => postgresql with defaults should contain File[/etc/cloudera-scm-server/] with ensure => "present"
     Failure/Error: it { should contain_file('/etc/cloudera-scm-server/').with_ensure('present') }
       Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type file_concat at /home/travis/build/razorsedge/puppet-cloudera/spec/fixtures/modules/concat/manifests/init.pp:106 on node
     # ./spec/classes/cloudera_cm5_server_spec.rb:313

It looks like puppetlabs/concat is switching to using a second module (electrical/file_concat). Now I have to update my .fixtures.yml (which is fine, I do want to know about dependency changes), but there isn’t a released version of puppetlabs/concat with electrical/file_concat yet.

All of the rspec testing in the world won’t help if dependencies are unstable.  Puppet module git repository master branch should at all times be the same as the code released to the Forge.


puppet snmp module 3.4.0

Today, I have released a minor update to my Puppet module for Net-SNMP to the Puppet Forge. Included are some fixes from community members:

  • Add a pause after service stop and before creating SNMPv3 users (Guy Martin)
  • Skip zero length strings in ERB template output (Brett Delle Grazie)
  • Fixed a small typo in example (Markus Heberling)
  • Fix typo in freebsd config dir perms and ownership (typo101)

Also included is a conversion of the to the new README.markdown layout with improvements to the documentation, and official support for Puppet 4.

Let me know if you have any feedback!

puppet vmwaretools module 5.0.0

This is a major release of my Puppet module to deploy the VMware Tools Operating System Specific Packages. There is a backwards-incompatible change that necessitated the major version bump. The parameters yum_server, yum_path, and just_prepend_yum_path have been renamed to be reposerver, repopath, and just_prepend_repopath respectively. Also, the module now officially supports Puppet 4 and a new parameter was added: gpgkey_url allows one to change the URL where the public GPG key resides.

Let me know if you have any feedback!