puppet

Puppet gems install workaround after TLS 1.0 switchoff

Hi, it seems that since Ruby disabled the TLS 1.0 protocol, there is an issue with installing custom gems in the puppet server. If you run puppetserver gem environment you will probably see the following output:

    /opt/puppetlabs/bin/puppetserver gem environment
    RubyGems Environment:
      - RUBYGEMS VERSION: 2.4.8
      - RUBY VERSION: 1.9.3 (2015-06-10 patchlevel 551) [java]
      - INSTALLATION …

Multiple classes block declaration in hiera will not work

Morning, do not add multiple classes in hiera like this:

    ---
    classes:
      - profiles::datadogagent
      - profiles::updatekafka
    kafka::security: true
    kafka::security_default: true
    kafka::heap_size: 2048
    classes:
      - profiles::pybackuplogs
      - profiles::group_coordinator

Class updatekafka will not be executed. The structure should look like:

    ---
    classes:
      - profiles::datadogagent
      - profiles::updatekafka
      - profiles::pybackuplogs
      - profiles::group_coordinator
    kafka::security: true
    kafka::security_default: true
    kafka::heap_size: 2048

Cheers!

Log rotate for Kafka Garbage collect without restart

Morning, if you have an Apache Kafka version which is below 1.0.0 and you don't have garbage collection log rotation as shown here:

with:

    -Xloggc:/opt/kafka/bin/../logs/kafkaServer-gc.log -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=100M

without:

    -Xloggc:/opt/kafka/bin/../logs/kafkaServer-gc.log -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps

One option is to modify the parameters in order to include them in the process that starts but …

Kafka limits implementation using puppet

Morning, I keep my promise and provide you with the two simple blocks that are needed to implement the limits that we discussed in the article http://log-it.ro/2017/10/16/ubuntu-change-ulimit-kafka-not-ignore/. For the limits module you can use: https://forge.puppet.com/puppetlabs/limits. As for the actual puppet implementation, I took the decision not to restart the service immediately. This being said, it’s dead simple …

Eyaml hiera configuration for puppet, as promised

Morning, we also managed to configure the hiera backend in order to have the eyaml module active. It is related to the following past article: http://log-it.ro/2017/05/29/install-eyaml-module-on-puppet-master/. So in the hiera.yaml you basically need to add the following configuration before hierarchy:

    :backends:
      - eyaml
      - yaml
      - puppetdb

and

    :eyaml:
      :datadir: /etc/puppetlabs/hieradata
      :pkcs7_private_key: /etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem
      :pkcs7_public_key: /etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem
      :extension: …

Securing kafka-manager endpoints with iptables rules behind traefik

Hi, one extra addition to my traefik balancing article from http://log-it.ro/2017/08/19/puppet-implementation-traefik-load-balancer-kafka-manager/ is that even though we now have the balancing capability, we still need to restrict access to the unsecured endpoint. I intended all the code to be deployable on all of the nodes. If this is taken into consideration, our issue with the firewall rules …