puppetlabs-seteam / control-repo Goto Github PK

To streamline control repo development and support CD4PE workflows I propose the following changes to contribution rules:

• master becomes the default branch and target for pull requests
• feature branches are removed from this repo and created in forks
• creation of new branches in this repo is restricted

A question remains how to automate updates to the production branch after a master change to support CD4PE-less workflows.

Applying profile::platform::baseline fails on a fresh server2012r2a with chocolatey errors pointing at the uniextract package. It appears from this snippet of the error that the hash/checksum didn't match:

"Error - hashes do not match. Actual value was 'D3A1C3D15747EFA884D79CDD997838966C60265D'. ERROR: Checksum for 'C:\Users\vagrant\AppData\Local\Temp\chocolatey\uniextract.install\1.6.1\uniextract.installInstall.exe' did not meet '2e31438e3da025877b3394344d54d7c31c646863' for checksum type 'sha1'. Consider passing the actual checksums through with --checksum --checksum64 once you validate the checksums are appropriate. A less secure option is to pass --ignore-checksums if necessary. The install of uniextract.install was NOT successful. Error while running 'C:\ProgramData\chocolatey\lib\uniextract.install\tools\chocolateyInstall.ps1'. See log for details"

Chocolatey-error.txt
chocolatey.log

The job should be configured to run onceover on all roles and profiles for the control repo.

Relative to SKO FY21

Paul Anderson Kevin R. just showed an interesting use case I hadn’t really considered: Using custom facts (in this case patching and change windows) combined with Classification groups to:
Quickly show groups of systems that match whatever fact you’re interested in
Quickly run a task against those groups (e.g. reboot systems pending reboot or patch systems with a given time_window)
This seems to me an interesting use case we should consider highlighting in the new SE Repo, especially as we do more and more with Plans.
But it also shows a cool way to show value in the console relative to OSP. IT is more interesting than just SDLC groups (edited)

Ryan Russell-Yates Me neither. I hadn't considered a PE Node Group as a set of rules that I'd want nodes to shift in and out from
In this case: Declaring which nodes are patched, which are prepared for patch, etc

Need to update module

In the vagrant environment, I assign a new/clean server2012r2a node the role::cloudshop, and it runs cleanly, but has the following red errors:
Error: Failed to apply catalog: undefined method 'split' for :windows:Symbol

Oddly, the first run report on the master show as only intentionally changed (though does show the err at the bottom) and subsequent runs show as green check/unchanged.

Subsequent runs in cmd result in the following:
C:\Users\vagrant>puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Facter: error while resolving custom facts in C:/ProgramData/PuppetLabs/p
uppet/cache/lib\facter\cis_windows.rb: undefined method `chomp' for nil:NilClass

Error: Facter: error while resolving custom facts in C:/ProgramData/PuppetLabs/p
uppet/cache/lib/facter\cis_windows.rb: undefined method `chomp' for nil:NilClass

Info: Caching catalog for server2012r2a.pdx.puppet.vm
Info: Applying configuration version 'b3ec01ab0d517a68d1284d60ad0a8c11bfcb260e'
Error: Failed to apply catalog: undefined method `split' for :windows:Symbol

C:\Users\vagrant>

error-output.txt
last_run_report.txt

• create a travisci pipeline which performs the same tests as the current Jenkinsfile
• add the module to Travis to trigger tests on push to master and PRs to master
• test the new pipeline
• disable the Jenkins integration

Is the first webhook triggering jenkins?

@kreeuwijk raised:

The rake task for checking the Puppetfile gives a false positive:

Failed to evaluate ./Puppetfile
    Original exception:
    ./Puppetfile:72: syntax error, unexpected =>, expecting end-of-input
      :branch => 'master'
                ^
AfterBuildSuccess:
http://cd4pe.inf.puppet.vm:48080/[email protected]/releases/vm-job-instance:158

At the moment I get a 404 when clicking the Details link in the Github PR

Applied demo_cis onto fresh server2012r2a system in vagrant. Ran cleanly and then added the role::cloudshop and saw 2 sets of errors:

1. The choco uniextract hash/checksum not matching error outlined in the other issue: #57

2. Cloudshop must have some password lengths that don't comply with the demo_cis settings:
   Error: User update failed: (in OLE method `SetInfo': )
   OLE error code:800708C5 in Active Directory
   The password does not meet the password policy requirements. Check the min
   imum password length, password complexity and password history requirements.

   HRESULT error code:0x80020009
   Exception occurred.
   Wrapped exception:
   (in OLE method `SetInfo': )
   OLE error code:800708C5 in Active Directory
   The password does not meet the password policy requirements. Check the min
   imum password length, password complexity and password history requirements.

   HRESULT error code:0x80020009
   Exception occurred.
   Error: /Stage[main]/Profile::Platform::Baseline::Users::Windows/User[Sample Demo
   ]/ensure: change from 'absent' to 'present' failed: User update failed: (in OLE
   method `SetInfo': )
   OLE error code:800708C5 in Active Directory
   The password does not meet the password policy requirements. Check the min
   imum password length, password complexity and password history requirements.

   HRESULT error code:0x80020009
   Exception occurred.
   Info: Stage[main]: Unscheduling all events on Stage[main]
   Notice: Applied catalog in 114.12 seconds

C:\Users\vagrant>