Try Puppet 
Search Puppet.com
Why Puppet

Puppet is the industry standard for IT automation.

Manage and automate more infrastructure and complex workflows in a simple, yet powerful way.

Customers
Open source
Cloud & Hybrid Automation

Accelerate your cloud journey with an enterprise automation platform for your hybrid estate.

Continuous Compliance

Enforce compliance across hybrid infrastructure with policy as code and model-driven automation.

Scaling DevOps

Modernize faster with Puppet DevOps consulting and infrastructure as code.

Use Cases
Integrations
Products
Pricing & PackagingGet Puppet Enterprise

First 10 Nodes are free!

Custom consulting services

Get you up and running quickly with a custom solution that addresses your unique business goals and easily allows for growth as your needs evolve.

Professional services
TrainingOpen source
Support
Puppet Compass Logo
Puppet Compass

Puppet Compass is your source for tools and best practices to address common business challenges.

Get Started
Resource library
State of DevOps Report

Since launching our first DevOps survey in 2012, we’ve learned a lot about the power of DevOps to transform organizations.

Puppet Events
Join us for a Puppet event

It's our community that makes Puppet great. Connect with Puppet users and employees.

Virtual Events
Puppet Community
Connect
Puppet Events
About Us

Puppet frees you to do what robots can’t. We make automation software because you’ve got better things to do.

Company
Press & news
Our voiceWorking at Puppet

Troubleshooting

Puppet Complylatest
Sections

Use this section to troubleshoot issues with your Puppet Comply installation.

Reset your Comply password

If you forget your password, you can reset it in the user admin console.

  1. SSH into your Comply node and run the following commands to retrieve the admin username and password: 
    kubectl exec $(kubectl get pod -l app.kubernetes.io/name=comply-auth -o jsonpath="{.items[0].metadata.name}") -- /bin/bash -c 'cat /etc/keycloak/admin-user'
    kubectl exec $(kubectl get pod -l app.kubernetes.io/name=comply-auth -o jsonpath="{.items[0].metadata.name}") -- /bin/bash -c 'cat /etc/keycloak/admin-password'
  2. Navigate to https://<COMPLY-HOSTNAME>/auth/admin using the FQDN of your Comply node.
  3. Login using the credentials from step 1.
  4. Navigate to Users.
  5. Click View all users and select the user account you want to update, and click Edit.
  6. Select the Credentials tab and the reset password.

Reset the platform admin console

As part of the installation process, the platform admin console generates a password for you. You can update this password to one of your choosing after installation.

  1. To reset the platform admin console password, run: 
    kubectl -n default kots reset-password
    The system prompts you to enter a new password of your choosing.
  2. If the command fails with an unknown command "kots" for "kubectl" error it's because /usr/local/bin is not in the path. To address this error, either update the path to include /usr/local/bin, or run: 
    /usr/local/bin/kubectl-kots reset-password default

Access logs

If you run into issues with Puppet Comply, you can download the relevant log files. The Comply logs are stored in the platform admin console.

  1. Navigate to the platform admin console — https://<PLATFORM-ADMIN-CONSOLE-ADDRESS>:8800.
  2. Select the Troubleshoot tab, and click Analyse Comply.
  3. Download the bundle of log files.

Resolve Comply domain

If the Puppet Comply gatekeeper is unable to resolve the Comply domain, try the following troubleshooting steps.

When you assign a hostname to Comply, it needs to be resolved by the pods in your Kubernetes cluster. A preflight check verifies the domain you specified in the configuration is resolvable. You must ensure that the nodes can resolve their own hostnames, through either local host mapping or a reachable DNS server.
  1. To verify your whether your hostname is resolvable, run the following commands: 
    kubectl exec $(kubectl get pod -l app=kotsadm -o jsonpath="{.items[0].metadata.name}") -- /bin/sh -c 'curl --SI <hostname>'
    If the hostname was resolved, the command returns an exit code 0 with no output.
    If the hostname cannot be resolved, the command returns an exit code 6. Proceed to step 2 to add DNS entries.
  2. To add DNS entries for CoreDNS, run the following command to open the CoreDNS configuration maps: 
    kubectl -n kube-system edit configmaps coredns
  3. Add a hosts entry below kubernetes. This is where you configure the DNS entry for Comply. For example: 
    kubernetes cluster.local in-addr.arpa ip6.arpa {
   pods insecure
   fallthrough in-addr.arpa ip6.arpa
   ttl 30
}
hosts {
  10.23.24.25 comply.mycompany.net comply // IP_address canonical_hostname [aliases...]
  fallthrough
}
prometheus :9153
  4. Run the command from step 1 to verify whether the DNS entry was updated: 
    kubectl exec $(kubectl get pod -l app=kotsadm -o jsonpath="{.items[0].metadata.name}") -- /bin/sh -c 'curl --SI <hostname>'
  5. Re-run the preflight checks.

Update the platform admin console's TLS certificate

A self-signed TLS certificate secures the connection between your browser and the platform admin console. Once the initial platform admin console setup process is complete, you can upload new certificates by enabling changes to the installation's Kubernetes secrets.

Use this process if you choose not to add a TLS certificate when installing the platform admin console, or if you need to update your existing TLS certificate.

  1. Enable changes to your installation's kotsadm-tls Kubernetes secret by running: 
    kubectl -n default annotate secret kotsadm-tls acceptAnonymousUploads=1
  2. Restart the kurl-proxy pod to deploy the change by running: 
    kubectl delete pods $(kubectl get pods -A | grep kurl-proxy | awk '{print $2}')
  3. Once the kurl-rpoxy pod restarts and is back up and running, navigate to https://<HOSTNAME>:8800/tls and upload your new TLS certificate.
How helpful was this page?

If you leave us your email, we may contact you regarding your feedback. For more information on how Puppet uses your personal information, see our privacy policy.

Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.