Autosign Puppet certificates on AWS

Let’s face it, Puppet’s method of certificates is a pain and huge administration overkill if done manually. Thankfully, Puppet has designed several methods of auto-signing certificates, one of which is crafting a special certificate signing request and verifying that the certificate signing request is genuine. On the puppet master Apply the following code on your […]

Using Puppet to host a private RPM repository

A repository is a place where files are stored, indexed, and available through a package manager to anyone who has the repository information. With rpm based systems, a repository is created with a tool called createrepo. Most of the time, publicly available repositories already offer the packages your server needs. When you have a custom […]

Deploying Puppet Open Source

Update: (5/28/17) yes, there is the puppet/r10k which supersedes the zack/r10k. While you are free to deviate from the article in your own environment, the below steps still work as intended. I will have to update this article as well as explain why having r10k and dynamic environments is a good idea. In this guide […]

First puppet module published

I completed my first public module for puppet and submitted it to the puppet forge. It seems too simple to compile into a build and submit it to the forge; however, I made it public for these reasons: I needed experience with puppet code testing. This helped me at the most basic level. I felt […]

Securing PWM

In last week’s post we set up PWM insecurely. In this post, we are going to secure it and install mysql to store the reset questions. This guide assumes you have this CentOS 7 server publicly accessible with ports 80 and 443 available to the entire world. First, we will need to install mysql, […]

Password management portal for end users

We in IT have heard it often: the #1 request coming into help desk ticket systems is password resets, account lockouts, and the like. PWM is a password reset web application written in Java for use with LDAP directories. You can configure it to work with Active Directory, OpenLDAP, FreeIPA, and others. There are already […]

Puppet with Mac and GNU/Linux

Puppet on Mac is a mixture of Puppet on Linux and Windows. Registry settings are called “secrets” and to make things easier, you need to install homebrew. Enforcing a local admin is a little bit tedious. In the past few OSX releases, they have changed their password hashing algorithm several times. This causes a few […]

Puppet with Windows

Using Puppet on Windows workstations can be a challenge. The different architectures (x86 and x86_64) can have an impact on declaring packages. I have decided to ignore 32-bit systems and treat all as 64-bit – after all, it is 2016 and 32-bit should not be deployed.

Puppet as a GPO replacement

When you have a mixed client workstation environment (Windows, Linux, Mac), using GPOs only covers a portion of the environment. Sure, there are some AD plugins for Mac and Linux to let them read and apply those settings; however, those tools cost an exorbitant amount of money compared to the open source version of Puppet.

Why I went with Puppet over other CMEs

Configuration management engines (CME) have increased in popularity over the past several years. When I evaluated all the potential options, I needed one to be free in cost, work on Mac and Windows, and be easy to set up and use. At the time, only Chef, CFEngine, and Puppet had Windows clients, so I tested […]