Working With pe_gem Behind A Proxy

I’ve written and published a module, mail_aliases, to manage email aliases on Linux-based systems. It uses data stored in hiera, and requires that you enable deep hash merges. In order to do that, you have to install the deep_merge gem on your Puppet Master. While you can do that on the command line, this is Puppet, and it should be done in a profile manifest.

In my puppet_master.pp manifest, I have package resources defined for each of the gems I want to manage. Here’s what they look like.

  package { 'deep_merge':
    ensure   => 'latest',
    provider => 'pe_gem',
  }

Note that because these are gems installed in Puppet’s ruby environment, you can’t use the package type’s gem provider. You have to install the pe_gem module, which creates a new provider, pe_gem, that calls /opt/puppet/bin/gem instead of the system gem command. I’ve chosen to use ensure => latest, because I want this gem updated on demand. Due to that, when this part of the catalog is applied, it will run a ‘gem list’ to get the most current version, then a ‘gem install’ if needed.

The problem is that at my client’s site, the Puppet Master can’t reach the Internet directly. That means using pe_gem behind a proxy. By default, Puppet’s gem command won’t work behind a proxy, which means you need to get it to use the –http-proxy flag. That option should be set in a gemrc file so that when the catalog is applied, the ‘gem list’ and ‘gem install’ commands will work.

Due to the way Puppet Enterprise’s ruby environment is configured, you need to put the gemrc file in /opt/puppet/etc. By default that directory doesn’t exist, so create it, and then create a gemrc file that has these contents.

---
gem: --http-proxy http://<proxy hostname>:<proxy port>

After that your catalogs will apply successfully on your Puppet Master.

Leave a Reply

Your email address will not be published. Required fields are marked *