Adding Puppet Forge Modules as Git Submodules

Locate Module on the Forge

Locate the module in question on the forge. The next step is to identify any other unmet dependancies for the forge module and make note of them as well. For example the Chocolatey forge module requires windows_env and powershell as dependancies. Typically googling for the module author, module name, and the word Puppet will turn up the appropriate github result.

 

Add The Submodule

Adding the submodule is done via the CLI on your local instance.

git submodule add <path to clone from git> <path within Puppet repo>

Generally speaking the path within the Puppet will be modules/<module name>

 

The below example is for Chocolatey:

git submodule add git@github.com:chocolatey/puppet-chocolatey.git modules/chocolatey

 

 

Init and Update The Submodule

Once you have added the git submodule you will need to initialize and update it using the following commands:

Initialize Submodule
git submodule init
Submodule Update
git submodule update

 

Commit to Origin

The next step in the process is to commit the changes to our Github instance. Depending on the preferred workflow of the team this can either be done as a Pull Request or committed straight into prod.

Your git status should show changes to the .gitmodules directory.

 

Pulling to Puppet Master

Pull production to the production environment. This will not initialize or update the module, this will simply update the git module. The steps below will initialize and update the submodule within the production master.

Initialize Submodule
git submodule init
Submodule Update
git submodule update <modulename>

Working With Certificates and OpenSSL

In 2018 SSL is a fact of life everywhere. Below are a couple of common useful tips:

 

Generating a CSR and key from a bash script:

 


#!/bin/bash
#Written By rich.staats@metaltoad.com
#Last Modified April 20, 2016
#Auto-Generate CSR and Key file for SHA-256 SSL Certs

#Required Site Info
sitename=$1
commonname=$sitename

#Check for Site Name, If missing error output will be displayed
if [ -z "$sitename" ]
then
	echo "Error! No site name provided, please provide a sitename after typing newcert.sh. ex: newcert.sh mysite.com"
	exit 99
fi

#Generate CSR and Key
openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout ~/$sitename.key -out ~/$sitename.csr

#Show CSR to copy and Paste
echo "Your request completed successfully, copy the CSR below and use a certificate provider to generate an SSL certificate from this CSR"
cat ~/$sitename.csr

Comparing a newly issues crt to its keyfile to ensure they match:


openssl x509 -noout -modulus -in mydomain.com.crt | openssl md5
openssl rsa -noout -modulus -in mydomain.com.key | openssl md5

The output from these should be a matching MD5 string, if the values do not match you have a cert/key mismatch.

Converting crt and key to pfx:


openssl pkcs12 -export -out mydomain.com.pfx -inkey mydomain.com.key -in mydomain.com.crt