Open source Puppet 6.10
- Welcome to Puppet 6.10
- Release notes
- Getting started with Puppet
- Installing and upgrading
- Configuring Puppet
- Puppet settings
- Key configuration settings
- Puppet's configuration files
- puppet.conf: The main config file
- environment.conf: Per-environment settings
- fileserver.conf: Custom fileserver mount points
- puppetdb.conf: PuppetDB server locations
- hiera.yaml: Data lookup configuration
- autosign.conf: Basic certificate autosigning
- csr_attributes.yaml: Certificate extensions
- custom_trusted_oid_mapping.yaml: Short names for cert extension OIDs
- device.conf: Network hardware access
- routes.yaml: Advanced plugin routing
- Configuring Puppet Server
- Puppet Server's config files
- puppetserver.conf: Main config file
- auth.conf: Access control
- webserver.conf: Jetty web server config
- web-routes.conf: Mount points for component services
- global.conf: Trapperkeeper settings
- ca.conf: CA service access control (deprecated)
- master.conf: Authorization by HTTP header (deprecated)
- product.conf: Configuring Product-level Interactions (optional)
- logback.xml: Logging level and location
- Advanced logging configuration
- Bootstrap upgrade notes
- Adding file server mount points
- Checking the values of settings
- Editing settings on the command line
- Configuration settings reference
- Settings that differ under Puppet Server
- Important directories and files
- Environments
- Modules
- Puppet services and tools
- Puppet Server
- Index
- About Puppet Server
- Release Notes
- Deprecated features
- Compatibility with Puppet agent
- Installing Puppet Server
- Configuring Puppet Server
- Differing behavior in puppet.conf
- Using and extending Puppet Server
- Known issues and workarounds
- Administrative API endpoints
- CA v1 API
- Server-specific Puppet API endpoints
- Status API endpoints
- Metrics API endpoints
- Developer information
- The Puppet language
- Language visual index
- The Puppet language style guide
- Files and paths on Windows
- Code comments
- Variables
- Resources
- Relationships and ordering
- Classes
- Defined resource types
- Bolt tasks
- Type aliases
- Expressions and operators
- Conditional statements and expressions
- Function calls
- Built-in functions
- Node definitions
- Facts and built-in variables
- Reserved words and acceptable names
- Custom resources
- Values and data types
- Templates
- Advanced constructs
- Details of complex behaviors
- Writing custom functions
- Hiera
- Facter
- Resource types
- Tracking Puppet activity with reports
- Writing external node classifiers
- References (settings, functions, etc.)
- Man pages
- HTTP API
- Certificate authority and SSL
- Puppet's internals
- Experimental features
Use the Deferred
type to create a function that you add to a module to redact sensitive information.
These instructions use Puppet Development Kit (PDK), our recommended tool for creating modules. The steps are also based on RHEL 7 OS.
- Install PDK using the the following commands:
-
sudo rpm -Uvh https://yum.puppet.com/puppet5-release-el-7.noarch.rpm
-
sudo yum install pdk
You might have to restart your command-line interface for
pdk
commands to be in your path.
-
- From a working directory, run the following commands. You can accept the default answers to the questions for the steps.
-
pdk new module mymodule
-
cd mymodule
-
pdk new class mymodule
-
mkdir -p lib/puppet/functions
-
- Paste this code into
manifests/init.pp
.# This is a simple example of calling a function at catalog apply time. # # @summary Demonstrates calling a Deferred function that is housed with this module in lib/puppet/functions/myupcase.rb # # @example # puppet apply manifests/init.pp class mymodule { $d = Deferred("mymodule::myupcase", ["mysecret"]) notify { example : message => $d } } class { 'mymodule': }
- Paste this code into
lib/puppet/functions/myupcase.rb
Puppet::Functions.create_function(:'mymodule::myupcase') do dispatch :up do param 'String', :some_string end def up(some_string) Puppet::Pops::Types::PSensitiveType::Sensitive.new(some_string.upcase) end end
- Run
/opt/puppetlabs/bin/puppet apply manifests/init.pp
. This outputs a notice.The use of
Sensitive
in theup
function tells the agent not to store the cleartext value in logs or reports. On the command line and in the Puppet Enterprise console, sensitive data appears as[redacted]
.Note: The workflow usingDeferred
functions is the same module adoption workflow that you already use for other modules; you can package functions in a module that are synced down to agents. In most cases, you add the new module to your Puppetfile.
Deferred
functions - notes on using
Notes for consideration when working with Deferred
functions.
Important info about using Deferred
- If an agent is applying a cached catalog, the
Deferred
function is still called at application time, and the value returned at that time is the value that is used. - It is the responsibility of the function to handle edge cases such as providing default or cached values in cases where a remote store is unavailable.
Deferred
supports only the Puppet function API for Ruby.- If a function called on the agent side does not return
Sensitive
, you can wrap the value returned byDeferred
in aSensitive
type if a sensitive value is desired. For example:$d = Sensitive(Deferred("myupcase", ["example value"]))