Keybase and GNUPG and Yubikey (oh my!)

I’ve been meaning to generate PGP keys for my work identity and there is this newfangled social key site named Keybase that is integrated in some tools (Terraform) that I use and I figured I should make it all work with my new Yubikey 4 hardware keystore. So I scoured the Intarwebs for details and could not find the needed incantation.


puppet network module 3.10.0

Today, I have released a large update to my Red Hat network Puppet module to the Puppet Forge.  Numerous pull requests were merged including:

  • Added support for promiscuous interfaces. (Elyse Salberg)
  • Added a parameter to disable restart of network service on change. (Evgeni Golov)
  • Added support for netmask and broadcast parameters in alias range. (Nick Irvine)
  • Added support for ARPCHECK=no for alias ranges. (Nick Irvine)
  • Dropped requirement of ipaddress/netmask on static interfaces. (Brian Murphey) Helpful for IPv6-only interfaces.
  • Added support for ARPCHECK=no to static interfaces. (Sander Cornelissen)
  • Made RES_OPTIONS for single-request-reopen optional (default true) (Elyse Salberg)
  • Changed macaddress for bond slaves to be optional (if not provided, try to get value from facts). (Elyse Salberg)
  • Added explicit userctl, bootproto, onboot for bond slaves. (Elyse Salberg)
  • Added explicit userctl for static bonds. (Elyse Salberg)
  • Finally fixed the PEERDNS logic by making PEERDNS be separate from DNS1, DNS2, and DOMAIN.

Let me know if you have any feedback!

strict_variables and the RazorsEdge Puppet Modules

Over the past month I have been adding much needed support for running Puppet with strict_variables = true to all of the RazorsEdge Puppet modules. Thanks to coreone, I finally had a solution that did not require tearing out the legacy global variable support. As much as I think that continued inclusion of global variable support has become painful, I am still committed to keeping it around.

I also managed to get the Rspec testing Ruby gem dependencies configured such that things can still be tested on Ruby 1.8.7, 1.9.3, and 2.x as well as Puppet 2.7, 3.x, and 4.x. Travis-CI is also testing Ruby 2.4 and Puppet 5.x for all of the modules. As of now, only two modules are not passing the Puppet 5 Rspec tests and I hope to get those sorted soon.

Let me know if you have any feedback!

Hue Load Balancer TLS Errors

This is a reblog from the Clairvoyant blog.

If you are configuring the Hue load balancer with Apache httpd 2.4 and TLS certificates, there is a chance that you may end up with errors. The httpd proxy will check the certificates of the target systems and if they do not pass some basic consistency checks, the proxied connection fails.

Read more of my post on the Clairvoyant blog.

puppet snmp module 3.8.1

Recently, I have delivered several long-awaited releases of my Net-SNMP Puppet module to the Puppet Forge. Included are numerous fixes from community members:

  • Change so that service_config_perms parameter, network, and community can be arrays. (Jordan Wesolowski)
  • Add OpenBSD to the supported operating systems, similar to FreeBSD support. (Sebastian Reitenbach)
  • Update README.markdown. (Rémy Garrigue)
  • Create Parameters for template files. (Alexander Schaber)
  • Add support for the Dell OpenManage StorageServices smux OID. (Davide Ferrari)
  • Enable service_config_dir_group class parameter. (Andreas de Pretis)
  • Fix strict variables for defaults in params.pp. (coreone)
  • Add master and agentx options to snmpd.conf.erb. (coreone)
  • Update requirements for the snmp::client class. (Michael Watters)
  • Ensure that /etc/snmp directory exists on RedHat platforms. (Michael Watters)
  • Fix snmptrapd community string configuration. (Doug Schaapveld)

Additionally, there were some other changes:

  • Fix incorrect file mode for snmpd.conf/snmptrapd.conf.
  • Pin gems to specific Ruby versions in order to fix the breakage of Ruby 1.8, 1.9, and 2.x.
  • Update instructions in
  • Add deprecation warning for drop of Puppet 2.7 support.

Let me know if you have any feedback!

puppet snmp module 3.5.0

Today, I have released a minor update to my Puppet module for Net-SNMP to the Puppet Forge. Included are some fixes from community members:

  • Add the ability to pass multiple networks for the community string (Rodrigo Menezes). This now allows for more than one rocommunity line in the config.
  • Quote snmpv3 passphrases to cope with weird characters and spaces (Peter Keel)

Let me know if you have any feedback!

puppet network module 3.6.0

Today, I have released a minor update to my Red Hat network Puppet module to the Puppet Forge.  Numerous pull requests were merged including:

  • Installation of the bridge-utils package if bridging is used. (Daniel Werdermann)
  • Added the SCOPE parameter to network::if::static and network::bridge::static. (flipkick)
  • Added peerdns and check_link_down parameters for dynamic interfaces. (Elyse Salberg)
  • Added logic for blank ipaddress, network, gateway to remove extra entries from ifcfg file. (Elyse Salberg)
  • Minor lint and comments cleanup. (Elyse Salberg)
  • Added logic to remove empty HWADDR entry from ifcfg file for blank macaddress (network::bond::dynamic, network::bond::static). (Elyse Salberg)

Let me know if you have any feedback!