Upload large files to Puppet Support – Puppet Support

When you have files that are too large to attach to a Puppet Support ticket, you can upload them to one of our two Puppet-hosted solutions: our MFT server or our SFTP server.

Do you need a Puppet-hosted solution with a web front end? Upload files to our MFT server.
Do you prefer to connect directly to a Puppet-hosted SFTP server? Upload files to our SFTP server.

Version and installation information

Puppet software: All supported versions

Solution

Upload via MFT

You can use our MFT server, https://mft.puppet.com, to upload files to an MFT account via a web browser to a secure folder. Access to your files is restricted to only you and the Puppet team. Files are deleted automatically after 30 days or by request. Once you have an MFT account, it can be reused for future tickets. If you forget your password, there’s a Forgot password? reset available in the server’s web UI.

If you don’t have an MFT account, request one when you need to upload large files related to your Support ticket. Your account is linked to your email address. We’ll send a validation email from goanywhere@puppet.com to the email address you provide, so make sure to include a valid email address as part of your request. After receiving the validation email, you can create an account to upload files to our MFT server. You can either upload files via the web UI or via curl.

Upload files via the web UI

When you log in, a secure folder called Home is displayed. You can either upload files or view previously uploaded files.

Upload files via `curl`

Alternatively, instead of using the web UI, you can upload via the command line using curl. For example:

curl --data-binary "@File to be uploaded" -H "Content-Type: application/gzip" --user <USERNAME>:<PASSWORD> https://mft.puppet.com/upload/<FILENAME>

Important: The Content-Type for the support script tarball is application/gzip, make sure the Content-Type matches with the file you’re uploading.

Alternatively, we can also send you a secure upload link to your email. This method doesn't require a login, and the link will expire in 7 days.

Upload via SFTP

You can upload the output of the support script directly from Puppet Enterprise to our SFTP server. If you want to upload other files to Support, or if your primary server is air-gapped, you can manually upload files to the SFTP server. Access to your files is restricted to only you and the Puppet Support team. We’ll automatically delete the files after seven days or by request.

Upload the output of the support script directly from Puppet Enterprise
Upload the output of the support script and other files manually
SFTP server fingerprint details

Upload the support script directly from Puppet Enterprise to our SFTP server

Before you begin, you need:

An active Support ticket number.
To configure your firewall to allow outgoing TCP traffic on port 22 to ssh://customer-support.puppetlabs.net.

To run the script and upload its output using default credentials that are packaged with Puppet Enterprise, run the following:

puppet enterprise support --v3 --ticket <TICKET NUMBER> --upload

For example,

puppet enterprise support --v3 --ticket 12345 --upload

To specify your own credentials, run the following:

puppet enterprise support --v3 --ticket <TICKET NUMBER> --upload --upload-user <USERNAME> --upload-key <PATH TO SSH PRIVATE KEY>

For example,

puppet enterprise support --v3 --ticket 12345 --upload --upload-user ada.lovelace --upload-key ~/.ssh/id_rsa_pe

If you don’t have a username yet, generate a key pair. Send the public key to Puppet Support and ask for an account to be created for you. You can generate a new key pair using the ssh-keygen utility.

Upload files manually

If you want to upload files to our SFTP server, follow these steps to set up an account. Once you have an SFTP account, it can be reused for future tickets.

If you don’t have a key pair yet, generate one using the ssh-keygen utility.
Send us the public key, and let us know that you need credentials for the SFTP server. We will send you a username.

After you have an account, navigate to the server at customer-support.puppetlabs.net and log in with your credentials, and put files into the drop folder. If you see a host identification warning, check the following section for information about changes to the server’s SSH host fingerprints.

SFTP server fingerprint details

Our SFTP server, customer-support.puppetlabs.net, has the following SSH host fingerprints:

# SHA256 hashes SHA256:FBe09SAyXBiLrWyHgrc7GrLR+hK0sB23VUjELt89Gjg (RSA) SHA256:elWbA2dwlXKLd4q43SfFbSp1Dw2FnbLFufsJ4ITn5TU (ECDSA) SHA256:3fBFrK3hOAYrAXLHnPTvOFUUsNtAYaSxX3l59RBt3dY (ED25519)

# MD5 hexadecimal hashes MD5:7e:83:fa:91:4d:e0:1a:fb:04:8f:c5:cb:83:15:b3:b9 (RSA) MD5:1a:6e:f3:d0:de:14:2b:7c:00:0f:c6:69:14:b9:3e:64 (ECDSA) MD5:bf:5c:3d:e1:61:1e:e4:da:57:9e:2c:73:d3:4f:ed:26 (ED25519)

Changelog

Regular maintenance of the SFTP server can include upgrading to newer operating system versions or hardware. In these cases, host fingerprints of the servers changes. Most SFTP software reacts to a change in the host fingerprint by failing the connection with a warning. For example, OpenSSH prints the following:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:elWbA2dwlXKLd4q43SfFbSp1Dw2FnbLFufsJ4ITn5TU.

This section records the dates at which SFTP fingerprints changed so that users can verify updates.

2018-12-07: The host fingerprints for customer-support.puppetlabs.net were changed.

How can we improve this article?

5 comments

Alex Mesfin

November 20, 2019 14:45

Hi,

I am getting this error:

[root@dccdvtp001 ~]# /opt/puppetlabs/bin/puppet enterprise support --v3 --ticket 37116 --upload --upload-user amesfin
Error: Could not parse application options: invalid option: --upload

Suzanne Baunsgard

November 20, 2019 17:09
Hi, it looks like you're getting help already, I've let those folks know that you've left a comment here. If we can make improvements to the article based on your experience, we will do it.
0
Charlie Sharpsteen

November 27, 2019 18:43

Edited
Hi Alex,

The most common explanation for that error is that your PE version is older than the --upload feature. This flag was added to the LTS in 2018.1.8 and to the STS in 2019.0.3.

Older PE versions will produce the "invalid option" error that you are seeing.
0
Alex Zbarcea

April 20, 2021 16:57

Edited
how to upload only, or how to run the same with behind proxy (with http_proxy) without the proxy config altering the support commands ?

```
cat myFile.json | ssh root@remoteSftpServer -o "ProxyCommand=nc.openbsd -X connect -x proxyhost:proxyport %h %p" 'cat > myFile.json'
```
0
Charlie Sharpsteen

April 19, 2022 00:00
The --upload flag uses the SFTP protocol, not HTTP(S). So, variables such as http_proxy have no effect. There is no proxy support for --upload at the moment.
0

Please sign in to leave a comment.